RESOLU IE ki ouvre pleins pleins de fenetre sous l'url edtrgt.com
Forum Sécurité - Virus : RESOLU IE ki ouvre pleins pleins de fenetre sous l'url edtrgt.com
ha merci bien a toi ,sa donne sa ,kesten pence ?dis moi
info.txt logfile of random's system information tool 1.05 2009-03-16 15:53:58
======Uninstall list======
-->"C:\Program Files\Orange\AntivirusFirewall\FSGUI\PostInstall.exe" /tUnInstall
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
AirPlus G-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1036
ANIO Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove
Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c /remove
Creative Live! Cam Vista IM Driver (1.00.03.0000)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0420.uns -unsext NT -plugin V0420Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Gestionnaire de photos Creative-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
Guide de l'utilisateur Creative Live! Cam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x40c /remove
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\HXFSETUP.EXE -U -IPDAZLCM5K.INF
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Image Converter 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}\setup.exe" -l0x40c /CONPANE -removeonly
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muveeNow 2.0 - Creative-->C:\Program Files\InstallShield Installation Information\{B0F64C44-DC77-497D-9A27-C0F5BAB12493}\setup.exe -runfromtemp -l0x040c -removeonly
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.2.0.7\InstStub.exe /X
OOoHG pour OpenOffice 2-->C:\Program Files\OOoHG\uninstall.exe
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OpenOffice.org 2.0-->MsiExec.exe /I{518E7702-18C9-4CF7-9BC2-EEEA9E252763}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PDF Manual NW-A800 Series-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}\setup.exe" -l0x40c UNINSTALL -removeonly
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
Suppléments pour OpenOffice 2-->C:\Program Files\AddOnsOO2\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Utilitaire de sauvegarde Windows-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Video Downloader-->C:\Program Files\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
WALKMAN Launcher-->C:\Program Files\InstallShield Installation Information\{C20B3C31-28CD-4732-AE45-A30F401AF91F}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {E8A81E1F-665E-4F81-B04D-B6D164A8F360}
Windows Live Toolbar-->MsiExec.exe /X{E8A81E1F-665E-4F81-B04D-B6D164A8F360}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Norton AntiVirus
System event log
Computer Name: NOM_ORDINATEUR
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 40705
Source Name: EventLog
Time Written: 20090208122338.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 40704
Source Name: EventLog
Time Written: 20090208122338.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 40703
Source Name: EventLog
Time Written: 20090207220748.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{43A83BE5-06D2-4ACE-B7EE-8D67AA71BFF4} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 40702
Source Name: Tcpip
Time Written: 20090207211301.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 4202
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{43A83BE5-06D2-4ACE-B7EE-8D67AA71BFF4} était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.
Record Number: 40701
Source Name: Tcpip
Time Written: 20090207211256.000000+060
Event Type: Informations
User:
Application event log
Computer Name: NOM_ORDINATEUR
Event Code: 302
Message: msnmsgr (1328) \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.
Record Number: 3923
Source Name: ESENT
Time Written: 20081209095723.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 301
Message: msnmsgr (1328) \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\fsr.log.
Record Number: 3922
Source Name: ESENT
Time Written: 20081209095723.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 301
Message: msnmsgr (1328) \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\fsr000F8.log.
Record Number: 3921
Source Name: ESENT
Time Written: 20081209095722.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 301
Message: msnmsgr (1328) \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\fsr000F7.log.
Record Number: 3920
Source Name: ESENT
Time Written: 20081209095722.000000+060
Event Type: Informations
User:
Computer Name: NOM_ORDINATEUR
Event Code: 301
Message: msnmsgr (1328) \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\audrey.NOM_ORDINATEUR\Local Settings\Application Data\Microsoft\Messenger\raymonde007@hotmail.com\SharingMetadata\Working\database_E09C_A0E6_9CA0_B884\fsr000F6.log.
Record Number: 3919
Source Name: ESENT
Time Written: 20081209095722.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
ET sa CES LE LOG
Logfile of random's system information tool 1.05 (written by random/random)
Run by audrey at 2009-03-16 15:52:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (50%) free of 42 GB
Total RAM: 1015 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:51, on 16/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\V0420Mon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\audrey.NOM_ORDINATEUR\Bureau\RSIT.exe
C:\Program Files\trend micro\audrey.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {024999AE-B985-402E-8613-0238CB9C754A} - (no file)
O2 - BHO: (no name) - {04816D30-4ACB-4EAE-9868-2D89C2685336} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {06a7b345-cfc6-4671-844c-6ffe6d25a67d} - (no file)
O2 - BHO: (no name) - {082CED5F-6D52-46BA-AC53-75512167631E} - (no file)
O2 - BHO: (no name) - {082DB743-BB74-4235-B581-26E92B58DE8A} - (no file)
O2 - BHO: (no name) - {09540946-D266-40A0-AA66-93C3A55F1F7B} - (no file)
O2 - BHO: (no name) - {0BB21318-8C40-46B5-8971-286F690B4165} - (no file)
O2 - BHO: (no name) - {16884F96-65F0-4AE0-9C93-311379893BBC} - (no file)
O2 - BHO: (no name) - {17064500-8CFE-4DA7-ABBE-2EA38C8CDFF2} - (no file)
O2 - BHO: (no name) - {17d349ba-5dca-4708-9b34-983eb2dc07d5} - (no file)
O2 - BHO: (no name) - {22CA06CC-0D2A-4440-A232-E31C9D330C6E} - (no file)
O2 - BHO: (no name) - {23702676-AAC1-4A82-94CA-B429DB78A264} - (no file)
O2 - BHO: (no name) - {2597D3B3-C7FA-4EA4-A9ED-C96130EBF01A} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3166E7F2-F2AD-4C38-B68A-F1FB8B08E857} - (no file)
O2 - BHO: (no name) - {32CDA95F-D48A-48FF-8C4D-FE71E56B7B51} - (no file)
O2 - BHO: (no name) - {387f0bf1-5672-423a-90ff-cbc2d9636474} - (no file)
O2 - BHO: (no name) - {3A480F43-8DEC-46BC-8190-423994573A7C} - (no file)
O2 - BHO: (no name) - {3B367DE1-68D0-46FC-8237-41239A6CB26E} - (no file)
O2 - BHO: (no name) - {42E149CF-DF2C-43C3-B164-713401FA6CEB} - (no file)
O2 - BHO: (no name) - {49701CC4-C251-4B8F-8805-08A63742DB59} - (no file)
O2 - BHO: (no name) - {511926ED-FAE2-440B-A921-1211B60B68AA} - (no file)
O2 - BHO: (no name) - {568DCD50-33B9-4B5A-9E6D-35A3F1E8E456} - (no file)
O2 - BHO: (no name) - {5E82DFDF-F032-472E-A164-3DEB965D4691} - (no file)
O2 - BHO: (no name) - {5F498758-C16B-401F-866B-3536ED5ED666} - (no file)
O2 - BHO: (no name) - {60D8F328-CB98-4036-A5B7-CE08E7646E11} - (no file)
O2 - BHO: (no name) - {61290E48-8D10-46D7-8AEA-ABD3195A3A6C} - (no file)
O2 - BHO: (no name) - {6154E62B-086D-4026-BA7E-1AB954A2B96A} - (no file)
O2 - BHO: (no name) - {6351D727-23D4-412E-8ABB-B06CC5D5D340} - (no file)
O2 - BHO: (no name) - {6a60a972-6edd-436b-a11a-2717c2618dd8} - C:\WINDOWS\system32\wahayaga.dll
O2 - BHO: (no name) - {6AE3CF91-8A87-4360-9D82-07EEECD97E3B} - (no file)
O2 - BHO: (no name) - {6B798E6D-98D4-48C7-B4BC-D5D13C7C3AFD} - (no file)
O2 - BHO: (no name) - {6B8FD05C-C7FA-4CCA-9B4C-9234FA8FBA9B} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgGvwuUk.dll (file missing)
O2 - BHO: (no name) - {70359E01-0DAE-40C2-B947-1817FF057F60} - (no file)
O2 - BHO: (no name) - {74E3BCD6-0B77-43C4-A4BE-E56CF70A755B} - (no file)
O2 - BHO: (no name) - {74FE1AA6-63DD-4B0F-AD0C-56EC2BF47086} - (no file)
O2 - BHO: (no name) - {782DA6A9-B418-4C42-B361-32BD56A69503} - (no file)
O2 - BHO: (no name) - {7AB796B4-711F-4DD7-9DDA-BFCED09CD830} - (no file)
O2 - BHO: (no name) - {7B99FF4A-5B6C-4A64-8468-E2CB45473D2F} - (no file)
O2 - BHO: (no name) - {8458F76D-30A1-4EAC-9FF3-028214B9ADD2} - (no file)
O2 - BHO: (no name) - {882F8E66-6C43-49F3-B406-0DA7ADF28030} - (no file)
O2 - BHO: (no name) - {8F2792F4-4912-4077-A9AC-24D8CF8944A9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {920573B0-0CCD-41C7-8C03-0FB13E3F0445} - (no file)
O2 - BHO: (no name) - {93E1E063-121B-4CC5-AB27-200DD785D584} - (no file)
O2 - BHO: (no name) - {94363BEC-B4C5-4752-9C7E-436894F6879D} - (no file)
O2 - BHO: (no name) - {95823C71-9913-43D3-9D63-1E0FB1968ADA} - (no file)
O2 - BHO: (no name) - {96910EFE-E6B1-40F1-A8D4-9DBC7839AF63} - (no file)
O2 - BHO: (no name) - {975A2C77-95F4-4581-85F3-9190786BC280} - (no file)
O2 - BHO: (no name) - {97BB81FF-67E1-4139-BAB4-F554291D0CF2} - (no file)
O2 - BHO: (no name) - {986086F9-ED83-4654-B2F0-988BAB4B733B} - (no file)
O2 - BHO: (no name) - {9B3FF003-4A43-441C-8F67-D35766F948C9} - (no file)
O2 - BHO: (no name) - {9B4D5C16-8345-4024-B60F-473063FA7A27} - (no file)
O2 - BHO: (no name) - {9EDC12E1-F204-47DB-B913-9F6913A9E808} - (no file)
O2 - BHO: (no name) - {A4364DBC-D550-412F-B3A5-AB44A4A25D1C} - (no file)
O2 - BHO: (no name) - {A52836CA-9423-4FD4-A49B-0870C3B0650F} - (no file)
O2 - BHO: (no name) - {AC5E2332-562C-41B6-9275-AE7B09E3FF74} - (no file)
O2 - BHO: (no name) - {AF1FC885-DCEB-4685-8CEF-057BD6C852BC} - (no file)
O2 - BHO: (no name) - {B0083D08-542A-47EF-8331-5D5EC7F5BFFF} - (no file)
O2 - BHO: (no name) - {B213289C-2EA9-4D8F-AFDB-04FA8767197B} - (no file)
O2 - BHO: (no name) - {B5931208-FA84-4018-82BB-1FB5EADCC1CA} - (no file)
O2 - BHO: (no name) - {B7E792B5-7F98-48C4-8F35-F1EB261BCFA1} - (no file)
O2 - BHO: (no name) - {B8BF5D09-968D-489D-8F43-03520084080E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C11EB7D5-06E1-4B57-B9DA-0BA0372D0C9B} - (no file)
O2 - BHO: (no name) - {C3887EE3-0602-472E-9AD9-A6D78F089CC1} - (no file)
O2 - BHO: (no name) - {C3C5D651-01B0-468F-8595-645A88ED1C73} - (no file)
O2 - BHO: (no name) - {C7354B08-501A-4EAD-8117-55BB9FAF840E} - (no file)
O2 - BHO: (no name) - {C7E8A40C-531A-40C5-8602-99FBC39B61E6} - (no file)
O2 - BHO: (no name) - {CBB45FAE-8972-4990-AEE2-A092641D00C5} - (no file)
O2 - BHO: (no name) - {D281F127-42F4-44B2-A222-440EFB4C8422} - (no file)
O2 - BHO: (no name) - {DA993104-1D5C-4DF6-93B0-B37E78A628EB} - (no file)
O2 - BHO: (no name) - {E126A936-56B6-4FA4-AEC3-7F1B2AC81091} - (no file)
O2 - BHO: (no name) - {E1A5C0CE-E787-46A0-864D-A387D0A5A5C4} - (no file)
O2 - BHO: (no name) - {E6297819-4981-4732-BDCD-A10A9D9AEB2B} - (no file)
O2 - BHO: (no name) - {E8C2B1D3-5DDB-457E-BA8C-64174F88227D} - (no file)
O2 - BHO: (no name) - {E9C3AAC2-D03C-480C-8BB7-1CE4E31B7E00} - (no file)
O2 - BHO: (no name) - {EAAEF5DB-1424-4883-906A-971F50DCEE31} - (no file)
O2 - BHO: (no name) - {EB88133B-C554-4A59-B7B9-3755E809542C} - (no file)
O2 - BHO: {77f4d2fe-3963-970b-1534-e35d32d4f7ce} - {ec7f4d23-d53e-4351-b079-3693ef2d4f77} - C:\WINDOWS\system32\aqzdry.dll
O2 - BHO: (no name) - {ECF02858-D651-4F5D-ABE1-F28C1B8D50BC} - (no file)
O2 - BHO: (no name) - {ED80F378-7AD7-431E-B2D4-8A4C1117576C} - (no file)
O2 - BHO: (no name) - {F1595D40-EEB7-40D3-ADDE-19A00D9966ED} - (no file)
O2 - BHO: (no name) - {F2124238-4877-41BC-A33B-46119CE94CCE} - (no file)
O2 - BHO: (no name) - {F84A2622-DD43-4E8D-B646-4FB65C777728} - (no file)
O2 - BHO: (no name) - {FA80B79A-D4CE-44B8-93EC-0B2FE6782D82} - (no file)
O2 - BHO: (no name) - {FCB36300-B0D5-4F6D-AC38-F019BE6DBDB3} - (no file)
O2 - BHO: (no name) - {FF188E19-B4C1-4E95-9205-FA1E9317F999} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [feripurivi] Rundll32.exe "C:\WINDOWS\system32\wowinule.dll",s
O4 - HKLM\..\Run: [9ca0b82b] rundll32.exe "C:\WINDOWS\system32\gejekoyu.dll",b
O4 - HKLM\..\Run: [CPM9f938bb7] Rundll32.exe "c:\windows\system32\japadesu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [feripurivi] Rundll32.exe "C:\WINDOWS\system32\wowinule.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6237794640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\jijejamu.dll aqzdry.dll c:\windows\system32\japadesu.dll
O20 - Winlogon Notify: hgGvwuUk - hgGvwuUk.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE (file missing)
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 16469 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{024999AE-B985-402E-8613-0238CB9C754A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04816D30-4ACB-4EAE-9868-2D89C2685336}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06a7b345-cfc6-4671-844c-6ffe6d25a67d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{082CED5F-6D52-46BA-AC53-75512167631E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{082DB743-BB74-4235-B581-26E92B58DE8A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09540946-D266-40A0-AA66-93C3A55F1F7B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BB21318-8C40-46B5-8971-286F690B4165}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16884F96-65F0-4AE0-9C93-311379893BBC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17064500-8CFE-4DA7-ABBE-2EA38C8CDFF2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17d349ba-5dca-4708-9b34-983eb2dc07d5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22CA06CC-0D2A-4440-A232-E31C9D330C6E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23702676-AAC1-4A82-94CA-B429DB78A264}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2597D3B3-C7FA-4EA4-A9ED-C96130EBF01A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-27 308832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3166E7F2-F2AD-4C38-B68A-F1FB8B08E857}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32CDA95F-D48A-48FF-8C4D-FE71E56B7B51}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{387f0bf1-5672-423a-90ff-cbc2d9636474}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A480F43-8DEC-46BC-8190-423994573A7C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B367DE1-68D0-46FC-8237-41239A6CB26E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42E149CF-DF2C-43C3-B164-713401FA6CEB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49701CC4-C251-4B8F-8805-08A63742DB59}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511926ED-FAE2-440B-A921-1211B60B68AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{568DCD50-33B9-4B5A-9E6D-35A3F1E8E456}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E82DFDF-F032-472E-A164-3DEB965D4691}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F498758-C16B-401F-866B-3536ED5ED666}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60D8F328-CB98-4036-A5B7-CE08E7646E11}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61290E48-8D10-46D7-8AEA-ABD3195A3A6C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6154E62B-086D-4026-BA7E-1AB954A2B96A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6351D727-23D4-412E-8ABB-B06CC5D5D340}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a60a972-6edd-436b-a11a-2717c2618dd8}]
C:\WINDOWS\system32\wahayaga.dll [1601-01-01 72343]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE3CF91-8A87-4360-9D82-07EEECD97E3B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B798E6D-98D4-48C7-B4BC-D5D13C7C3AFD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B8FD05C-C7FA-4CCA-9B4C-9234FA8FBA9B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2009-02-06 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\hgGvwuUk.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70359E01-0DAE-40C2-B947-1817FF057F60}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74E3BCD6-0B77-43C4-A4BE-E56CF70A755B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74FE1AA6-63DD-4B0F-AD0C-56EC2BF47086}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{782DA6A9-B418-4C42-B361-32BD56A69503}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AB796B4-711F-4DD7-9DDA-BFCED09CD830}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B99FF4A-5B6C-4A64-8468-E2CB45473D2F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8458F76D-30A1-4EAC-9FF3-028214B9ADD2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{882F8E66-6C43-49F3-B406-0DA7ADF28030}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F2792F4-4912-4077-A9AC-24D8CF8944A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{920573B0-0CCD-41C7-8C03-0FB13E3F0445}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93E1E063-121B-4CC5-AB27-200DD785D584}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94363BEC-B4C5-4752-9C7E-436894F6879D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95823C71-9913-43D3-9D63-1E0FB1968ADA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96910EFE-E6B1-40F1-A8D4-9DBC7839AF63}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975A2C77-95F4-4581-85F3-9190786BC280}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97BB81FF-67E1-4139-BAB4-F554291D0CF2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986086F9-ED83-4654-B2F0-988BAB4B733B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B3FF003-4A43-441C-8F67-D35766F948C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B4D5C16-8345-4024-B60F-473063FA7A27}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EDC12E1-F204-47DB-B913-9F6913A9E808}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4364DBC-D550-412F-B3A5-AB44A4A25D1C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A52836CA-9423-4FD4-A49B-0870C3B0650F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC5E2332-562C-41B6-9275-AE7B09E3FF74}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF1FC885-DCEB-4685-8CEF-057BD6C852BC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0083D08-542A-47EF-8331-5D5EC7F5BFFF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B213289C-2EA9-4D8F-AFDB-04FA8767197B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5931208-FA84-4018-82BB-1FB5EADCC1CA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7E792B5-7F98-48C4-8F35-F1EB261BCFA1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8BF5D09-968D-489D-8F43-03520084080E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C11EB7D5-06E1-4B57-B9DA-0BA0372D0C9B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3887EE3-0602-472E-9AD9-A6D78F089CC1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3C5D651-01B0-468F-8595-645A88ED1C73}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7354B08-501A-4EAD-8117-55BB9FAF840E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7E8A40C-531A-40C5-8602-99FBC39B61E6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBB45FAE-8972-4990-AEE2-A092641D00C5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D281F127-42F4-44B2-A222-440EFB4C8422}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA993104-1D5C-4DF6-93B0-B37E78A628EB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E126A936-56B6-4FA4-AEC3-7F1B2AC81091}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1A5C0CE-E787-46A0-864D-A387D0A5A5C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6297819-4981-4732-BDCD-A10A9D9AEB2B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8C2B1D3-5DDB-457E-BA8C-64174F88227D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9C3AAC2-D03C-480C-8BB7-1CE4E31B7E00}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAAEF5DB-1424-4883-906A-971F50DCEE31}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB88133B-C554-4A59-B7B9-3755E809542C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec7f4d23-d53e-4351-b079-3693ef2d4f77}]
C:\WINDOWS\system32\aqzdry.dll [2009-03-16 142848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECF02858-D651-4F5D-ABE1-F28C1B8D50BC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED80F378-7AD7-431E-B2D4-8A4C1117576C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1595D40-EEB7-40D3-ADDE-19A00D9966ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2124238-4877-41BC-A33B-46119CE94CCE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F84A2622-DD43-4E8D-B646-4FB65C777728}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA80B79A-D4CE-44B8-93EC-0B2FE6782D82}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCB36300-B0D5-4F6D-AC38-F019BE6DBDB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF188E19-B4C1-4E95-9205-FA1E9317F999}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-08 729178]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-08 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-08 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-08 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"EPSON Stylus Photo RX420 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 EPSON Stylus Photo RX420 Series /O5 LPT1: /M Stylus Photo RX420 []
"EPSON Stylus Photo RX420 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 EPSON Stylus Photo RX420 Series (Copie 1) /O6 USB001 /M Stylus Photo RX420 []
"WMAAD"=C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe [2007-02-16 110592]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"F-Secure Manager"=C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE [2008-04-23 182936]
"F-Secure TNB"=C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-27 185872]
"V0420Mon.exe"=C:\WINDOWS\V0420Mon.exe [2007-04-30 32768]
"ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe []
"feripurivi"=C:\WINDOWS\system32\wowinule.dll [1601-01-01 72343]
"9ca0b82b"=C:\WINDOWS\system32\gejekoyu.dll [2009-03-16 102400]
"CPM9f938bb7"=c:\windows\system32\japadesu.dll [2009-03-16 107520]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Creative Live! Cam Manager"=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-06-07 155648]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\jijejamu.dll aqzdry.dll c:\windows\system32\japadesu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGvwuUk]
hgGvwuUk.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll [2009-03-16 107520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\japadesu.dll [2009-03-16 107520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\hgGvwuUk.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=cli
C:\WINDOWS\system32\jijejamu.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*
isabled:AOL 9.0"
"C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*isabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*isabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*isabled:AOL 9.0 (Connectivity Service)"
"C:\Program Files\Home Cinema\PowerCinema\PowerCinema.exe"="C:\Program Files\Home Cinema\PowerCinema\PowerCinema.exe:*isabled:CyberLink PowerCinema"
"C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe:*isabled:CyberLink PowerCinema Resident Program"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*isabled:@xpsp3res.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*isabled:eMule"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*isabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*isabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*isabled:eTrust Antivirus - RPC Server"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*isabled:Nero MediaHome"
"C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsavgui.exe"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsavgui.exe:*isabled
uvrir AntiVirus Firewall"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*isabled:reader_sl"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*isabled:RealPlayer"
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*isabled:realsched"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*isabled:TeaTimer"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*isabled:ctfmon"
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe:*isabled:CTLCMgr"
"C:\WINDOWS\system32\dumprep.exe"="C:\WINDOWS\system32\dumprep.exe:*isabledumprep"
"C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe"="C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe:*isabled:FSGK32"
"C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe:*isabled:fsguidll"
"C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE:*isabled:FSM32"
"C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe"="C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe:*isabled:fsus"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*isabled:hkcmd"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*isabled:hpqSTE08"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*isabled:hpqtra08"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*isabled:igfxsrvc"
"C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\licmgr.exe"="C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\licmgr.exe:*isabled:licmgr"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Disabled:logonui"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Disabled:lsass"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:Disabled:NetMeeting"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Disabled:RTHDCPL"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:rundll32"
"C:\Program Files\OpenOffice.org 2.0\program\soffice.bin"="C:\Program Files\OpenOffice.org 2.0\program\soffice.bin:*:Disabled:soffice"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Disabled:spoolsv"
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"="C:\Program Files\Windows Live\Messenger\usnsvc.exe:*:Disabled:usnsvc"
"C:\WINDOWS\V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe:*:Disabled:V0420Mon"
"C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe:*:Disabled:WMAAD"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*:Disabled:wmiapsrv"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Disabled:wmiprvse"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"="C:\Program Files\Windows Media Player\wmpnscfg.exe:*:Disabled:WMPNSCFG"
"C:\Program Files\Common Files\X10\Common\X10nets.exe"="C:\Program Files\Common Files\X10\Common\X10nets.exe:*:Disabled:x10nets"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:Assistance à distance"
"C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe"="C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe:*:Disabled:ccSvcHst"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:Explorer"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Prog
tien
ComboFix 09-03-15.01 - audrey 2009-03-17 20:29:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.647 [GMT 1:00]
Lancé depuis: c:\documents and settings\audrey.NOM_ORDINATEUR\Bureau\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\aarrnqap.ini
c:\windows\system32\abawelek.ini
c:\windows\system32\agubuhuf.ini
c:\windows\system32\amoburis.ini
c:\windows\system32\aqzdry.dll
c:\windows\system32\atozikun.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\avunojuk.ini
c:\windows\system32\bcwclnpw.ini
c:\windows\system32\betegega.dll.tmp
c:\windows\system32\buhiwuna.dll
c:\windows\system32\cbikfo.dll
c:\windows\system32\ciwmjgtx.ini
c:\windows\system32\ckgjksxd.ini
c:\windows\system32\dgtxflir.ini
c:\windows\system32\dikemude.dll
c:\windows\system32\dubuwemo.dll
c:\windows\system32\duzemibe.dll
c:\windows\system32\eyupifuv.ini
c:\windows\system32\fanudugu.dll
c:\windows\system32\fivipute.dll
c:\windows\system32\gipidiwu.dll
c:\windows\system32\gjeellmr.ini
c:\windows\system32\gokisoso.dll
c:\windows\system32\gutgnlfa.ini
c:\windows\system32\hycjxync.ini
c:\windows\system32\ibuyirod.ini
c:\windows\system32\ifokogen.ini
c:\windows\system32\inlejihu.ini
c:\windows\system32\ipagiven.ini
c:\windows\system32\iqwdooad.ini
c:\windows\system32\ituguwer.ini
c:\windows\system32\ivomsgjs.ini
c:\windows\system32\iyesegep.ini
c:\windows\system32\jonotama.dll
c:\windows\system32\jvwtcasl.ini
c:\windows\system32\ktyulafw.ini
c:\windows\system32\lbupabtb.ini
c:\windows\system32\lmsbross.ini
c:\windows\system32\logibeja.dll.tmp
c:\windows\system32\losesafa.dll
c:\windows\system32\lwjoyvyk.ini
c:\windows\system32\mjydflcy.ini
c:\windows\system32\mqkkke.dll
c:\windows\system32\mtvrtc.dll
c:\windows\system32\namiviko.dll
c:\windows\system32\nrdviarq.ini
c:\windows\system32\nrmivieo.ini
c:\windows\system32\nuvoyijo.dll
c:\windows\system32\obcmxddr.ini
c:\windows\system32\okcxhxud.ini
c:\windows\system32\oulgupic.ini
c:\windows\system32\owerafed.ini
c:\windows\system32\owipofam.ini
c:\windows\system32\paqvjygs.ini
c:\windows\system32\petonuho.dll
c:\windows\system32\pipksuur.ini
c:\windows\system32\porevujo.dll
c:\windows\system32\qorlnxrr.ini
c:\windows\system32\qwqnxnum.ini
c:\windows\system32\rojqcukn.ini
c:\windows\system32\segivubo.dll.tmp
c:\windows\system32\sqnquxfk.ini
c:\windows\system32\srrtpurj.ini
c:\windows\system32\subalavi.dll
c:\windows\system32\surosubo.dll.tmp
c:\windows\system32\tajokigu.dll.tmp
c:\windows\system32\thoadbwc.ini
c:\windows\system32\tjeaaowe.ini
c:\windows\system32\tnnpqtpb.ini
c:\windows\system32\tubivabo.dll
c:\windows\system32\tvbctmvj.ini
c:\windows\system32\tydxwpni.ini
c:\windows\system32\ulqpwjaa.ini
c:\windows\system32\umofilap.ini
c:\windows\system32\utinorot.ini
c:\windows\system32\vabadxnq.ini
c:\windows\system32\vhtepwku.ini
c:\windows\system32\wGNUxGgh.ini
c:\windows\system32\wGNUxGgh.ini2
c:\windows\system32\wodwrrlk.ini
c:\windows\system32\xqpetbrb.ini
c:\windows\system32\yolqgpdh.ini
c:\windows\system32\zorirako.dll.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_icf
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
.
2009-03-17 20:07 . 2009-03-17 20:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 20:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 20:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 22:22 . 2009-03-17 20:33 120,046 --a------ c:\windows\system32\drivers\6c8f5997.sys
2009-03-16 22:21 . 2009-03-16 22:23 2 --a------ C:\-1667188604
2009-03-16 15:52 . 2009-03-16 15:53 <REP> d-------- C:\rsit
2009-03-16 15:52 . 2009-03-16 15:53 <REP> d-------- c:\program files\trend micro
2009-03-12 09:45 . 2009-03-12 09:45 1,902,301 ---hs---- c:\windows\system32\isofopig.tmp
2009-03-05 11:04 . 2009-03-05 11:04 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\IECompatCache
2009-03-05 11:02 . 2009-03-05 11:02 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\PrivacIE
2009-03-05 11:02 . 2009-03-05 11:02 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\IETldCache
2009-03-05 10:52 . 2009-03-05 10:56 <REP> d--h-c--- c:\windows\ie8
2009-03-05 10:30 . 2009-03-05 10:31 1,726,090 ---hs---- c:\windows\system32\uyekupiv.tmp
2009-03-04 10:30 . 2009-03-04 10:30 121 ---hs---- c:\windows\system32\oroyawik.tmp
2009-03-01 17:53 . 2009-03-01 17:53 <REP> d-------- c:\documents and settings\Propriétaire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 12:01 --------- d-----w c:\documents and settings\audrey.NOM_ORDINATEUR\Application Data\OpenOffice.org2
2009-02-06 21:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-06 15:16 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-06 15:00 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-06 15:00 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-06 15:00 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-06 15:00 --------- d-----w c:\program files\Symantec
2009-02-06 14:59 --------- d-----w c:\program files\Windows Sidebar
2009-02-06 14:59 --------- d-----w c:\program files\Norton AntiVirus
2009-02-06 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-06 14:57 --------- d-----w c:\program files\NortonInstaller
2009-02-06 14:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2006-05-05 06:39 8 -csh--r c:\windows\system32\083B7C0DB7.sys
2006-05-05 06:39 4,704 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-27 11:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008102720081028\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ogkcpt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Fichiers communs\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\Orange\\AntivirusFirewall\\Common\\FSM32.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\OpenOffice.org 2.0\\program\\soffice.bin"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\V0420Mon.exe"=
"c:\\Program Files\\Sony\\WALKMAN Launcher\\WMAAD.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"=
"c:\\Program Files\\Common Files\\X10\\Common\\X10nets.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Norton AntiVirus\\Engine\\16.2.0.7\\ccSvcHst.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-06 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-06 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-12 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-06 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;c:\windows\system32\drivers\W33ND.SYS [2006-05-11 140064]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-04-28 7040]
S2 rusxqeyfge;Rusxqeyfge;c:\windows\System32\svchost.exe -k netsvcs [2006-04-28 14336]
S2 ycoyhujyria;YCoyhujyria;c:\windows\System32\svchost.exe -k netsvcs [2006-04-28 14336]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-05-03 826752]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom;c:\windows\system32\drivers\cben5.sys [2006-04-28 46108]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [?]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2008-01-05 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2008-01-05 67760]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2008-11-23 99648]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [?]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
YCoyhujyria
Rusxqeyfge
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4988ade-98fe-11dc-b15f-0040d090bb30}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-03-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{024999AE-B985-402E-8613-0238CB9C754A} - (no file)
BHO-{04816D30-4ACB-4EAE-9868-2D89C2685336} - (no file)
BHO-{06a7b345-cfc6-4671-844c-6ffe6d25a67d} - (no file)
BHO-{082CED5F-6D52-46BA-AC53-75512167631E} - (no file)
BHO-{082DB743-BB74-4235-B581-26E92B58DE8A} - (no file)
BHO-{09540946-D266-40A0-AA66-93C3A55F1F7B} - (no file)
BHO-{0BB21318-8C40-46B5-8971-286F690B4165} - (no file)
BHO-{16884F96-65F0-4AE0-9C93-311379893BBC} - (no file)
BHO-{17064500-8CFE-4DA7-ABBE-2EA38C8CDFF2} - (no file)
BHO-{17d349ba-5dca-4708-9b34-983eb2dc07d5} - (no file)
BHO-{22CA06CC-0D2A-4440-A232-E31C9D330C6E} - (no file)
BHO-{23702676-AAC1-4A82-94CA-B429DB78A264} - (no file)
BHO-{2597D3B3-C7FA-4EA4-A9ED-C96130EBF01A} - (no file)
BHO-{3166E7F2-F2AD-4C38-B68A-F1FB8B08E857} - (no file)
BHO-{32CDA95F-D48A-48FF-8C4D-FE71E56B7B51} - (no file)
BHO-{387f0bf1-5672-423a-90ff-cbc2d9636474} - (no file)
BHO-{3A480F43-8DEC-46BC-8190-423994573A7C} - (no file)
BHO-{3B367DE1-68D0-46FC-8237-41239A6CB26E} - (no file)
BHO-{42E149CF-DF2C-43C3-B164-713401FA6CEB} - (no file)
BHO-{49701CC4-C251-4B8F-8805-08A63742DB59} - (no file)
BHO-{511926ED-FAE2-440B-A921-1211B60B68AA} - (no file)
BHO-{568DCD50-33B9-4B5A-9E6D-35A3F1E8E456} - (no file)
BHO-{5E82DFDF-F032-472E-A164-3DEB965D4691} - (no file)
BHO-{5F498758-C16B-401F-866B-3536ED5ED666} - (no file)
BHO-{60D8F328-CB98-4036-A5B7-CE08E7646E11} - (no file)
BHO-{61290E48-8D10-46D7-8AEA-ABD3195A3A6C} - (no file)
BHO-{6154E62B-086D-4026-BA7E-1AB954A2B96A} - (no file)
BHO-{6351D727-23D4-412E-8ABB-B06CC5D5D340} - (no file)
BHO-{6AE3CF91-8A87-4360-9D82-07EEECD97E3B} - (no file)
BHO-{6B798E6D-98D4-48C7-B4BC-D5D13C7C3AFD} - (no file)
BHO-{6B8FD05C-C7FA-4CCA-9B4C-9234FA8FBA9B} - (no file)
BHO-{70359E01-0DAE-40C2-B947-1817FF057F60} - (no file)
BHO-{74E3BCD6-0B77-43C4-A4BE-E56CF70A755B} - (no file)
BHO-{74FE1AA6-63DD-4B0F-AD0C-56EC2BF47086} - (no file)
BHO-{782DA6A9-B418-4C42-B361-32BD56A69503} - (no file)
BHO-{7AB796B4-711F-4DD7-9DDA-BFCED09CD830} - (no file)
BHO-{7B99FF4A-5B6C-4A64-8468-E2CB45473D2F} - (no file)
BHO-{8458F76D-30A1-4EAC-9FF3-028214B9ADD2} - (no file)
BHO-{882F8E66-6C43-49F3-B406-0DA7ADF28030} - (no file)
BHO-{8F2792F4-4912-4077-A9AC-24D8CF8944A9} - (no file)
BHO-{920573B0-0CCD-41C7-8C03-0FB13E3F0445} - (no file)
BHO-{93E1E063-121B-4CC5-AB27-200DD785D584} - (no file)
BHO-{94363BEC-B4C5-4752-9C7E-436894F6879D} - (no file)
BHO-{95823C71-9913-43D3-9D63-1E0FB1968ADA} - (no file)
BHO-{96910EFE-E6B1-40F1-A8D4-9DBC7839AF63} - (no file)
BHO-{975A2C77-95F4-4581-85F3-9190786BC280} - (no file)
BHO-{97BB81FF-67E1-4139-BAB4-F554291D0CF2} - (no file)
BHO-{986086F9-ED83-4654-B2F0-988BAB4B733B} - (no file)
BHO-{9B3FF003-4A43-441C-8F67-D35766F948C9} - (no file)
BHO-{9B4D5C16-8345-4024-B60F-473063FA7A27} - (no file)
BHO-{9EDC12E1-F204-47DB-B913-9F6913A9E808} - (no file)
BHO-{A4364DBC-D550-412F-B3A5-AB44A4A25D1C} - (no file)
BHO-{A52836CA-9423-4FD4-A49B-0870C3B0650F} - (no file)
BHO-{AC5E2332-562C-41B6-9275-AE7B09E3FF74} - (no file)
BHO-{AF1FC885-DCEB-4685-8CEF-057BD6C852BC} - (no file)
BHO-{B0083D08-542A-47EF-8331-5D5EC7F5BFFF} - (no file)
BHO-{B213289C-2EA9-4D8F-AFDB-04FA8767197B} - (no file)
BHO-{B5931208-FA84-4018-82BB-1FB5EADCC1CA} - (no file)
BHO-{B7E792B5-7F98-48C4-8F35-F1EB261BCFA1} - (no file)
BHO-{B8BF5D09-968D-489D-8F43-03520084080E} - (no file)
BHO-{C11EB7D5-06E1-4B57-B9DA-0BA0372D0C9B} - (no file)
BHO-{C3887EE3-0602-472E-9AD9-A6D78F089CC1} - (no file)
BHO-{C3C5D651-01B0-468F-8595-645A88ED1C73} - (no file)
BHO-{C7354B08-501A-4EAD-8117-55BB9FAF840E} - (no file)
BHO-{C7E8A40C-531A-40C5-8602-99FBC39B61E6} - (no file)
BHO-{CBB45FAE-8972-4990-AEE2-A092641D00C5} - (no file)
BHO-{D281F127-42F4-44B2-A222-440EFB4C8422} - (no file)
BHO-{DA993104-1D5C-4DF6-93B0-B37E78A628EB} - (no file)
BHO-{E126A936-56B6-4FA4-AEC3-7F1B2AC81091} - (no file)
BHO-{E1A5C0CE-E787-46A0-864D-A387D0A5A5C4} - (no file)
BHO-{E6297819-4981-4732-BDCD-A10A9D9AEB2B} - (no file)
BHO-{E8C2B1D3-5DDB-457E-BA8C-64174F88227D} - (no file)
BHO-{E9C3AAC2-D03C-480C-8BB7-1CE4E31B7E00} - (no file)
BHO-{EAAEF5DB-1424-4883-906A-971F50DCEE31} - (no file)
BHO-{EB88133B-C554-4A59-B7B9-3755E809542C} - (no file)
BHO-{ECF02858-D651-4F5D-ABE1-F28C1B8D50BC} - (no file)
BHO-{ED80F378-7AD7-431E-B2D4-8A4C1117576C} - (no file)
BHO-{F1595D40-EEB7-40D3-ADDE-19A00D9966ED} - (no file)
BHO-{F2124238-4877-41BC-A33B-46119CE94CCE} - (no file)
BHO-{F84A2622-DD43-4E8D-B646-4FB65C777728} - (no file)
BHO-{FA80B79A-D4CE-44B8-93EC-0B2FE6782D82} - (no file)
BHO-{FCB36300-B0D5-4F6D-AC38-F019BE6DBDB3} - (no file)
BHO-{FF188E19-B4C1-4E95-9205-FA1E9317F999} - (no file)
Toolbar-Locked - (no file)
Notify-WgaLogon - (no file)
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 20:33:38
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6c8f5997]
"ImagePath"="\SystemRoot\System32\drivers\6c8f5997.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-03-17 20:36:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-17 19:36:30
Avant-CF: 21 953 265 664 octets libres
Après-CF: 26,027,712,512 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
355 --- E O F --- 2008-11-12 14:39:24
Je te donne des nouvelles dès que possible, sûrement demain car il faut que j'en parle avec mes collègues.
trop facile
Logfile of random's system information tool 1.05 (written by random/random)
Run by audrey at 2009-03-17 20:55:33
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 25 GB (59%) free of 42 GB
Total RAM: 1015 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:50, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\audrey.NOM_ORDINATEUR\Bureau\RSIT.exe
C:\Program Files\trend micro\audrey.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6237794640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: ogkcpt.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE (file missing)
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6455 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-27 308832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2009-02-06 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" ogkcpt.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=cli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*isabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*isabled:Nero MediaHome"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*isabled:reader_sl"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*isabled:RealPlayer"
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*isabled:realsched"
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe:*isabled:CTLCMgr"
"C:\WINDOWS\system32\dumprep.exe"="C:\WINDOWS\system32\dumprep.exe:*isabledumprep"
"C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE:*isabled:FSM32"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*isabled:hkcmd"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*isabled:hpqSTE08"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*isabled:hpqtra08"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*isabled:igfxsrvc"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*isabled:NetMeeting"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*isabled:RTHDCPL"
"C:\Program Files\OpenOffice.org 2.0\program\soffice.bin"="C:\Program Files\OpenOffice.org 2.0\program\soffice.bin:*isabled:soffice"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*isabled:spoolsv"
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"="C:\Program Files\Windows Live\Messenger\usnsvc.exe:*isabled:usnsvc"
"C:\WINDOWS\V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe:*isabled:V0420Mon"
"C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe:*isabled:WMAAD"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*isabled:wmiapsrv"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*isabled:wmiprvse"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"="C:\Program Files\Windows Media Player\wmpnscfg.exe:*isabled:WMPNSCFG"
"C:\Program Files\Common Files\X10\Common\X10nets.exe"="C:\Program Files\Common Files\X10\Common\X10nets.exe:*isabled:x10nets"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*isabled:Assistance à distance"
"C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe"="C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe:*isabled:ccSvcHst"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*isabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*isabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*isabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4988ade-98fe-11dc-b15f-0040d090bb30}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======List of files/folders created in the last 3 months======
2009-03-17 20:36:36 ----A---- C:\ComboFix.txt
2009-03-17 20:29:21 ----A---- C:\Boot.bak
2009-03-17 20:29:16 ----RASHD---- C:\cmdcons
2009-03-17 20:26:25 ----A---- C:\WINDOWS\zip.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\VFIND.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\SWSC.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\SWREG.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\sed.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\grep.exe
2009-03-17 20:26:25 ----A---- C:\WINDOWS\fdsv.exe
2009-03-17 20:07:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-16 16:15:13 ----D---- C:\WINDOWS\ERDNT
2009-03-16 16:14:54 ----D---- C:\Qoobox
2009-03-16 15:52:57 ----D---- C:\Program Files\trend micro
2009-03-16 15:52:55 ----D---- C:\rsit
2009-03-12 09:45:32 ----SH---- C:\WINDOWS\system32\isofopig.tmp
2009-03-05 10:52:20 ----HDC---- C:\WINDOWS\ie8
2009-03-05 10:30:59 ----SH---- C:\WINDOWS\system32\uyekupiv.tmp
2009-03-04 10:30:34 ----SH---- C:\WINDOWS\system32\oroyawik.tmp
2009-02-06 18:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-06 16:00:45 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-02-06 16:00:44 ----D---- C:\Program Files\Symantec
2009-02-06 16:00:44 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-02-06 15:59:44 ----D---- C:\Program Files\Windows Sidebar
2009-02-06 15:59:44 ----D---- C:\Program Files\Norton AntiVirus
2009-02-06 15:59:38 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-02-06 15:57:12 ----D---- C:\Program Files\NortonInstaller
2009-02-06 15:57:12 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-01-15 02:22:08 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 02:21:46 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 02:19:36 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 02:19:08 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-01-05 12:38:56 ----D---- C:\Documents and Settings\audrey.NOM_ORDINATEUR\Application Data\Malwarebytes
2009-01-05 12:38:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-03 22:05:32 ----A---- C:\WINDOWS\system32\kvtjaxgd.dll
======List of files/folders modified in the last 3 months======
2009-03-17 20:36:42 ----D---- C:\WINDOWS\Temp
2009-03-17 20:36:42 ----D---- C:\WINDOWS\system32\drivers
2009-03-17 20:36:42 ----D---- C:\WINDOWS\system32
2009-03-17 20:36:39 ----D---- C:\WINDOWS\Prefetch
2009-03-17 20:36:39 ----D---- C:\WINDOWS
2009-03-17 20:34:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-17 20:33:42 ----A---- C:\WINDOWS\system.ini
2009-03-17 20:33:22 ----AC---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-17 20:32:14 ----D---- C:\WINDOWS\system32\config
2009-03-17 20:30:48 ----D---- C:\WINDOWS\AppPatch
2009-03-17 20:30:45 ----D---- C:\Program Files\Fichiers communs
2009-03-17 20:29:21 ----RASH---- C:\boot.ini
2009-03-17 20:26:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-17 20:20:49 ----RD---- C:\Program Files
2009-03-17 09:47:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-17 09:46:51 ----D---- C:\WINDOWS\system32\Lang
2009-03-17 09:46:07 ----A---- C:\WINDOWS\system32\svchost.exe
2009-03-16 22:21:24 ----ASH---- C:\WINDOWS\system32\pinafadi.dll
2009-03-16 11:22:50 ----HD---- C:\WINDOWS\inf
2009-03-16 11:22:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-14 13:01:06 ----D---- C:\Documents and Settings\audrey.NOM_ORDINATEUR\Application Data\OpenOffice.org2
2009-03-14 12:27:33 ----AC---- C:\WINDOWS\WORDPAD.INI
2009-03-14 12:24:29 ----D---- C:\Documents and Settings
2009-03-10 13:38:32 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-03-09 16:20:01 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-05 15:35:41 ----D---- C:\WINDOWS\network diagnostic
2009-03-05 10:58:23 ----D---- C:\WINDOWS\system32\fr-fr
2009-03-05 10:58:22 ----D---- C:\WINDOWS\Media
2009-03-05 10:58:22 ----D---- C:\WINDOWS\Help
2009-03-05 10:58:22 ----D---- C:\Program Files\Internet Explorer
2009-02-06 23:35:09 ----SD---- C:\WINDOWS\Tasks
2009-02-06 23:31:32 ----A---- C:\WINDOWS\imsins.BAK
2009-02-06 22:35:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-06 22:32:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 16:01:41 ----SHD---- C:\System Volume Information
2009-02-06 13:44:11 ----A---- C:\WINDOWS\system32\97837c55-.txt
2009-01-15 02:22:32 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-01-15 02:19:36 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-01-15 02:17:22 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-01-15 02:13:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 02:12:12 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-01-15 02:06:48 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-01-15 02:06:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-01-15 02:06:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-01-15 02:06:00 ----A---- C:\WINDOWS\system32\url.dll
2009-01-15 02:05:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\occache.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\msrating.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-01-15 02:04:28 ----A---- C:\WINDOWS\system32\corpol.dll
2009-01-15 02:04:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-01-15 02:03:58 ----A---- C:\WINDOWS\system32\jscript.dll
2009-01-15 02:03:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-01-15 02:03:42 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-01-15 02:03:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-01-15 02:03:32 ----A---- C:\WINDOWS\system32\admparse.dll
2009-01-15 02:03:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-01-15 02:03:20 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\inseng.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-01-15 02:03:12 ----A---- C:\WINDOWS\system32\advpack.dll
2009-01-15 02:02:50 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-01-15 02:02:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-01-15 02:02:20 ----A---- C:\WINDOWS\system32\mstime.dll
2009-01-15 02:01:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-01-15 02:01:42 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-01-15 02:01:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-01-15 02:01:40 ----A---- C:\WINDOWS\system32\icardie.dll
2009-01-15 02:01:26 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-01-15 02:01:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-01-15 02:01:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-01-15 02:01:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-01-15 02:01:06 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-01-15 02:00:46 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-01-15 02:00:38 ----A---- C:\WINDOWS\system32\mshta.exe
2009-01-15 01:50:50 ----A---- C:\WINDOWS\system32\ieui.dll
2009-01-15 01:50:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-01-15 01:35:10 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-01-05 09:38:25 ----SHD---- C:\WINDOWS\Installer
2009-01-05 09:38:25 ----HD---- C:\Config.Msi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-12 255536]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2009-02-06 362544]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-12 306736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-12 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-12 198192]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-03-17 165504]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090317.006\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090317.006\NAVEX15.SYS []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-12 12976]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-12 89904]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-12 34608]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-12 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-12 24624]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-08 190560]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2005-07-26 140064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 826752]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-06 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0420VID;Live! Cam Vista IM (VF0420); C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-12 115560]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 FSMA;F-Secure Management Agent; C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE []
S2 rusxqeyfge;Rusxqeyfge; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
S2 ycoyhujyria;YCoyhujyria; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe []
S3 ICScsiSV;Image Converter SCSI Service; C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
S3 IcVzMonLauncher;IcVzMonLauncher; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
-----------------EOF-----------------
/!\ Seul balle-taz-art peut suivre cette procédure /!\
Désactive toute protection résidente (Antivirus...) !
--> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
KillAll:: Driver:: NetSvc:: File:: Folder:: Registry:: |
--> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes .
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
--> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
- Cela va relancer Combofix : au message qui apparaît, accepte.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
- Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
Message édité par Destrio5 le 18-03-2009 à 01:19:57
en tou cas tu te prend bien la tete pour trouver une soluce et sa fai vraimen plaisir
ComboFix 09-03-15.01 - audrey 2009-03-18 1:26:12.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.622 [GMT 1:00]
Lancé depuis: c:\documents and settings\audrey.NOM_ORDINATEUR\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\audrey.NOM_ORDINATEUR\Bureau\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\97837c55-.txt
c:\windows\system32\drivers\6c8f5997.sys
c:\windows\system32\isofopig.tmp
c:\windows\system32\kvtjaxgd.dll
c:\windows\system32\oroyawik.tmp
c:\windows\system32\pinafadi.dll
c:\windows\system32\uyekupiv.tmp
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\-1667188604\
c:\windows\system32\97837c55-.txt
c:\windows\system32\drivers\6c8f5997.sys
c:\windows\system32\isofopig.tmp
c:\windows\system32\kvtjaxgd.dll
c:\windows\system32\oroyawik.tmp
c:\windows\system32\pinafadi.dll
c:\windows\system32\uyekupiv.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_rusxqeyfge
-------\Legacy_ycoyhujyria
-------\Service_rusxqeyfge
-------\Service_ycoyhujyria
-------\Service_6c8f5997
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-18 au 2009-03-18 ))))))))))))))))))))))))))))))))))))
.
2009-03-17 20:07 . 2009-03-17 20:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 20:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 20:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 22:21 . 2009-03-16 22:23 2 --a------ C:\-1667188604
2009-03-16 15:52 . 2009-03-16 15:53 <REP> d-------- C:\rsit
2009-03-16 15:52 . 2009-03-17 20:55 <REP> d-------- c:\program files\trend micro
2009-03-05 11:04 . 2009-03-05 11:04 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\IECompatCache
2009-03-05 11:02 . 2009-03-05 11:02 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\PrivacIE
2009-03-05 11:02 . 2009-03-05 11:02 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\IETldCache
2009-03-05 10:52 . 2009-03-05 10:56 <REP> d--h-c--- c:\windows\ie8
2009-03-01 17:53 . 2009-03-01 17:53 <REP> d-------- c:\documents and settings\Propriétaire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 12:01 --------- d-----w c:\documents and settings\audrey.NOM_ORDINATEUR\Application Data\OpenOffice.org2
2009-02-06 21:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-06 15:16 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-06 15:00 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-06 15:00 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-06 15:00 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-06 15:00 --------- d-----w c:\program files\Symantec
2009-02-06 14:59 --------- d-----w c:\program files\Windows Sidebar
2009-02-06 14:59 --------- d-----w c:\program files\Norton AntiVirus
2009-02-06 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-06 14:57 --------- d-----w c:\program files\NortonInstaller
2009-02-06 14:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2006-05-05 06:39 8 -csh--r c:\windows\system32\083B7C0DB7.sys
2006-05-05 06:39 4,704 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-27 11:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008102720081028\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-17_20.35.07.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-18 00:29:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_238.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Fichiers communs\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\Orange\\AntivirusFirewall\\Common\\FSM32.EXE"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\OpenOffice.org 2.0\\program\\soffice.bin"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\V0420Mon.exe"=
"c:\\Program Files\\Sony\\WALKMAN Launcher\\WMAAD.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"=
"c:\\Program Files\\Common Files\\X10\\Common\\X10nets.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Norton AntiVirus\\Engine\\16.2.0.7\\ccSvcHst.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-06 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-06 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-12 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-06 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;c:\windows\system32\drivers\W33ND.SYS [2006-05-11 140064]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-04-28 7040]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-05-03 826752]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom;c:\windows\system32\drivers\cben5.sys [2006-04-28 46108]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [?]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2008-01-05 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2008-01-05 67760]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2008-11-23 99648]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [?]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4988ade-98fe-11dc-b15f-0040d090bb30}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-03-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 01:29:22
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-03-18 1:32:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-18 00:32:11
ComboFix2.txt 2009-03-17 19:36:36
Avant-CF: 26 021 773 312 octets libres
Après-CF: 26,006,462,464 octets libres
192 --- E O F --- 2008-11-12 14:39:24
/!\ Seul balle-taz-art peut suivre cette procédure /!\
- Supprime les traces de F-Secure avec ceci.
Désactive toute protection résidente (Antivirus...) !
--> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
KillAll::
|
--> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes .
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
--> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
- Cela va relancer Combofix : au message qui apparaît, accepte.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
- Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
ha ouai bien
ComboFix 09-03-15.01 - audrey 2009-03-18 12:45:57.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.597 [GMT 1:00]
Lancé depuis: c:\documents and settings\audrey.NOM_ORDINATEUR\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\audrey.NOM_ORDINATEUR\Bureau\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\-1667188604\
c:\program files\Orange\AntivirusFirewall
c:\program files\Orange\AntivirusFirewall\Common\fpshx.dll
c:\program files\Orange\AntivirusFirewall\Common\fpshx.eng
c:\program files\Orange\AntivirusFirewall\Common\FSEXC.DLL
c:\program files\Orange\AntivirusFirewall\Common\fslapi.dll
c:\program files\Orange\AntivirusFirewall\Common\FSLAUNCH.EXE
c:\program files\Orange\AntivirusFirewall\Common\fsldin.dll
c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE
c:\program files\Orange\AntivirusFirewall\Common\FSMA32.DLL
c:\program files\Orange\AntivirusFirewall\Common\FSPMAPI.DLL
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FSAUA
-------\Legacy_FSMA
-------\Service_FSAUA
-------\Service_FSMA
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-18 au 2009-03-18 ))))))))))))))))))))))))))))))))))))
.
2009-03-18 11:00 . 2009-03-18 11:03 <REP> d--h-c--- c:\windows\ie8
2009-03-17 20:07 . 2009-03-17 20:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 20:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 20:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 22:21 . 2009-03-16 22:23 2 --a------ C:\-1667188604
2009-03-16 15:52 . 2009-03-16 15:53 <REP> d-------- C:\rsit
2009-03-16 15:52 . 2009-03-17 20:55 <REP> d-------- c:\program files\trend micro
2009-03-05 11:04 . 2009-03-05 11:04 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\IECompatCache
2009-03-05 11:02 . 2009-03-05 11:02 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\PrivacIE
2009-03-05 11:02 . 2009-03-05 11:02 <REP> d--hs---- c:\documents and settings\audrey.NOM_ORDINATEUR\IETldCache
2009-03-01 17:53 . 2009-03-01 17:53 <REP> d-------- c:\documents and settings\Propriétaire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 11:46 --------- d-----w c:\program files\Orange
2009-03-14 12:01 --------- d-----w c:\documents and settings\audrey.NOM_ORDINATEUR\Application Data\OpenOffice.org2
2009-02-06 21:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-06 15:16 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-06 15:00 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-06 15:00 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-06 15:00 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-06 15:00 --------- d-----w c:\program files\Symantec
2009-02-06 14:59 --------- d-----w c:\program files\Windows Sidebar
2009-02-06 14:59 --------- d-----w c:\program files\Norton AntiVirus
2009-02-06 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-06 14:57 --------- d-----w c:\program files\NortonInstaller
2009-02-06 14:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2006-05-05 06:39 8 -csh--r c:\windows\system32\083B7C0DB7.sys
2006-05-05 06:39 4,704 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-27 11:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008102720081028\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-17_20.35.07.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
+ 2008-10-13 12:55:22 23,552 ----a-w c:\windows\system32\normaliz.dll
+ 2009-03-18 11:49:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1a8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-27 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Fichiers communs\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\OpenOffice.org 2.0\\program\\soffice.bin"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\V0420Mon.exe"=
"c:\\Program Files\\Sony\\WALKMAN Launcher\\WMAAD.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"=
"c:\\Program Files\\Common Files\\X10\\Common\\X10nets.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Norton AntiVirus\\Engine\\16.2.0.7\\ccSvcHst.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-06 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-06 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-12 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-06 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;c:\windows\system32\drivers\W33ND.SYS [2006-05-11 140064]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-04-28 7040]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-05-03 826752]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom;c:\windows\system32\drivers\cben5.sys [2006-04-28 46108]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [?]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2008-01-05 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2008-01-05 67760]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2008-11-23 99648]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [?]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys --> c:\program files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4988ade-98fe-11dc-b15f-0040d090bb30}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-03-18 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 12:49:30
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-03-18 12:52:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-18 11:52:02
ComboFix2.txt 2009-03-18 00:32:20
ComboFix3.txt 2009-03-17 19:36:36
Avant-CF: 25 803 603 968 octets libres
Après-CF: 25,788,039,168 octets libres
191 --- E O F --- 2008-11-12 14:39:24
oké
SDFix: Version 1.240
Run by audrey on 18/03/2009 at 14:59
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\-16671~1 - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 15:04:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*isabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*isabled:Nero MediaHome"
"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe:*isabled:reader_sl"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*isabled:RealPlayer"
"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"="C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe:*isabled:realsched"
"C:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"="C:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe:*isabled:CTLCMgr"
"C:\\WINDOWS\\system32\\dumprep.exe"="C:\\WINDOWS\\system32\\dumprep.exe:*isabledumprep"
"C:\\WINDOWS\\system32\\hkcmd.exe"="C:\\WINDOWS\\system32\\hkcmd.exe:*isabled:hkcmd"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*isabled:hpqSTE08"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*isabled:hpqtra08"
"C:\\WINDOWS\\system32\\igfxsrvc.exe"="C:\\WINDOWS\\system32\\igfxsrvc.exe:*isabled:igfxsrvc"
"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*isabled:NetMeeting"
"C:\\WINDOWS\\RTHDCPL.EXE"="C:\\WINDOWS\\RTHDCPL.EXE:*isabled:RTHDCPL"
"C:\\Program Files\\OpenOffice.org 2.0\\program\\soffice.bin"="C:\\Program Files\\OpenOffice.org 2.0\\program\\soffice.bin:*isabled:soffice"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exe:*isabled:spoolsv"
"C:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"="C:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe:*isabled:usnsvc"
"C:\\WINDOWS\\V0420Mon.exe"="C:\\WINDOWS\\V0420Mon.exe:*isabled:V0420Mon"
"C:\\Program Files\\Sony\\WALKMAN Launcher\\WMAAD.exe"="C:\\Program Files\\Sony\\WALKMAN Launcher\\WMAAD.exe:*isabled:WMAAD"
"C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"="C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe:*isabled:wmiapsrv"
"C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe:*isabled:wmiprvse"
"C:\\Program Files\\Windows Media Player\\wmpnscfg.exe"="C:\\Program Files\\Windows Media Player\\wmpnscfg.exe:*isabled:WMPNSCFG"
"C:\\Program Files\\Common Files\\X10\\Common\\X10nets.exe"="C:\\Program Files\\Common Files\\X10\\Common\\X10nets.exe:*isabled:x10nets"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*isabled:Assistance à distance"
"C:\\Program Files\\Norton AntiVirus\\Engine\\16.2.0.7\\ccSvcHst.exe"="C:\\Program Files\\Norton AntiVirus\\Engine\\16.2.0.7\\ccSvcHst.exe:*isabled:ccSvcHst"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*isabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*isabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*isabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance à distance"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
"C:\\Program Files\\AOL 9.0\\AOL.exe"="C:\\Program Files\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0\\WAOL.exe"="C:\\Program Files\\AOL 9.0\\WAOL.exe:*:enabled:AOL 9.0"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 5 May 2006 8 ..SHR --- "C:\WINDOWS\system32\083B7C0DB7.sys"
Fri 5 May 2006 4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 18 Mar 2009 144 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\audrey.NOM_ORDINATEUR\Application Data\U3\temp\Launchpad Removal.exe"
Tue 17 Mar 2009 22,017 A..H. --- "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC165.tmp"
Mon 16 Mar 2009 10,241 A..H. --- "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC166.tmp"
Mon 16 Mar 2009 10,241 A..H. --- "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC167.tmp"
Mon 16 Mar 2009 10,241 A..H. --- "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC183.tmp"
Mon 16 Mar 2009 10,241 A..H. --- "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC184.tmp"
Mon 16 Mar 2009 10,241 A..H. --- "C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC185.tmp"
Finished!
Logfile of random's system information tool 1.05 (written by random/random)
Run by audrey at 2009-03-18 15:34:19
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 25 GB (59%) free of 42 GB
Total RAM: 1015 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:36, on 18/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\CF31623.exe
C:\WINDOWS\system32\cscript.exe
C:\Documents and Settings\audrey.NOM_ORDINATEUR\Bureau\RSIT.exe
C:\Program Files\trend micro\audrey.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6237794640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6584 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-27 308832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2009-02-06 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-27 185872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=cli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*isabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*isabled:Nero MediaHome"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*isabled:reader_sl"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*isabled:RealPlayer"
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*isabled:realsched"
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe:*isabled:CTLCMgr"
"C:\WINDOWS\system32\dumprep.exe"="C:\WINDOWS\system32\dumprep.exe:*isabledumprep"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*isabled:hkcmd"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*isabled:hpqSTE08"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*isabled:hpqtra08"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*isabled:igfxsrvc"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*isabled:NetMeeting"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*isabled:RTHDCPL"
"C:\Program Files\OpenOffice.org 2.0\program\soffice.bin"="C:\Program Files\OpenOffice.org 2.0\program\soffice.bin:*isabled:soffice"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*isabled:spoolsv"
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"="C:\Program Files\Windows Live\Messenger\usnsvc.exe:*isabled:usnsvc"
"C:\WINDOWS\V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe:*isabled:V0420Mon"
"C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe:*isabled:WMAAD"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*isabled:wmiapsrv"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*isabled:wmiprvse"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"="C:\Program Files\Windows Media Player\wmpnscfg.exe:*isabled:WMPNSCFG"
"C:\Program Files\Common Files\X10\Common\X10nets.exe"="C:\Program Files\Common Files\X10\Common\X10nets.exe:*isabled:x10nets"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*isabled:Assistance à distance"
"C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe"="C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe:*isabled:ccSvcHst"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*isabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*isabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*isabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4988ade-98fe-11dc-b15f-0040d090bb30}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2009-03-18 15:33:55 ----D---- C:\ComboFix
2009-03-18 14:55:57 ----D---- C:\WINDOWS\ERUNT
2009-03-18 14:53:30 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-18 12:53:18 ----SHD---- C:\RECYCLER
2009-03-18 12:52:12 ----A---- C:\ComboFix.txt
2009-03-18 11:00:43 ----HDC---- C:\WINDOWS\ie8
2009-03-18 01:46:30 ----A---- C:\DirLook1.txt
2009-03-18 01:44:49 ----A---- C:\DirLook.txt
2009-03-18 00:46:40 ----A---- C:\resultat.txt
2009-03-17 20:29:21 ----A---- C:\Boot.bak
2009-03-17 20:29:16 ----RASHD---- C:\cmdcons
2009-03-17 20:07:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-16 16:15:13 ----D---- C:\WINDOWS\ERDNT
2009-03-16 15:52:57 ----D---- C:\Program Files\trend micro
2009-03-16 15:52:55 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2009-03-18 15:34:24 ----D---- C:\WINDOWS\Prefetch
2009-03-18 15:34:14 ----D---- C:\WINDOWS
2009-03-18 15:34:09 ----D---- C:\WINDOWS\system32
2009-03-18 15:06:29 ----D---- C:\WINDOWS\Temp
2009-03-18 15:03:05 ----AC---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-18 14:58:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-18 14:51:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 12:53:22 ----RD---- C:\Program Files
2009-03-18 12:52:16 ----D---- C:\WINDOWS\system32\drivers
2009-03-18 12:50:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-18 12:49:32 ----A---- C:\WINDOWS\system.ini
2009-03-18 12:48:00 ----D---- C:\WINDOWS\system32\config
2009-03-18 12:47:12 ----D---- C:\WINDOWS\AppPatch
2009-03-18 12:47:08 ----D---- C:\Program Files\Fichiers communs
2009-03-18 11:04:40 ----D---- C:\WINDOWS\system32\fr-fr
2009-03-18 11:04:39 ----D---- C:\WINDOWS\Media
2009-03-18 11:04:39 ----D---- C:\Program Files\Internet Explorer
2009-03-18 11:04:38 ----HD---- C:\WINDOWS\inf
2009-03-18 11:04:38 ----D---- C:\WINDOWS\Help
2009-03-17 20:29:21 ----RASH---- C:\boot.ini
2009-03-17 09:46:51 ----D---- C:\WINDOWS\system32\Lang
2009-03-17 09:46:07 ----A---- C:\WINDOWS\system32\svchost.exe
2009-03-16 11:22:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-14 13:01:06 ----D---- C:\Documents and Settings\audrey.NOM_ORDINATEUR\Application Data\OpenOffice.org2
2009-03-14 12:27:33 ----AC---- C:\WINDOWS\WORDPAD.INI
2009-03-14 12:24:29 ----D---- C:\Documents and Settings
2009-03-10 13:38:32 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-03-09 16:20:01 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-05 15:35:41 ----D---- C:\WINDOWS\network diagnostic
2009-03-05 10:56:41 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-12 255536]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2009-02-06 362544]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-12 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-12 198192]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 catchme;catchme; \??\C:\DOCUME~1\AUDREY~1.NOM\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-03-17 165504]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090317.053\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090317.053\NAVEX15.SYS []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-12 306736]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-12 12976]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-12 89904]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-12 34608]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-12 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-12 24624]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-08 190560]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2005-07-26 140064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 826752]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-06 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0420VID;Live! Cam Vista IM (VF0420); C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-12 115560]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ICScsiSV;Image Converter SCSI Service; C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
S3 IcVzMonLauncher;IcVzMonLauncher; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
-----------------EOF-----------------
ces cool ,mais sa ne risque pa de les mettre en conflit norton et antivir ?
haa un cheval de troie et un virtu mondo je l'ai ai supprimé .
Avira AntiVir Personal
Date de création du fichier de rapport : mercredi 18 mars 2009 16:57
La recherche porte sur 1306790 souches de virus.
Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows 
Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :NOM_ORDINATEUR
Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 15:51:10
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 15:51:13
ANTIVIR3.VDF : 7.1.2.187 212480 Bytes 18/03/2009 15:51:14
Version du moteur: 8.2.0.120
AEVDF.DLL : 8.1.1.0 106868 Bytes 18/03/2009 15:51:25
AESCRIPT.DLL : 8.1.1.67 364923 Bytes 18/03/2009 15:51:24
AESCN.DLL : 8.1.1.8 127346 Bytes 18/03/2009 15:51:23
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 18/03/2009 15:51:23
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 18/03/2009 15:51:21
AEHEUR.DLL : 8.1.0.107 1663352 Bytes 18/03/2009 15:51:20
AEHELP.DLL : 8.1.2.2 119158 Bytes 18/03/2009 15:51:17
AEGEN.DLL : 8.1.1.30 336245 Bytes 18/03/2009 15:51:16
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 18/03/2009 15:51:15
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43
Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:, E:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Tous les fichiers
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen
Début de la recherche : mercredi 18 mars 2009 16:57
La recherche d'objets cachés commence.
'58754' objets ont été contrôlés, '0' objets cachés ont été trouvés.
La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AcroRd32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ccSvcHst.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'X10nets.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ccSvcHst.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'39' processus ont été contrôlés avec '39' modules
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '53' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'C:\' <BOOT>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC165.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.Suurch.LT
[AVERTISSEMENT] Impossible de supprimer le fichier !
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a331b12.qua' !
Recherche débutant dans 'D:\' <BACKUP>
D:\Tools\eTrustAntivirus7.1\eTrustAntivirusOEM\Bin\eAV_S.Win\webpkg.exe
[0] Type d'archive: RSRC
--> Object
[1] Type d'archive: CAB (Microsoft)
--> inoweb.exe
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
Recherche débutant dans 'E:\' <RECOVER>
Fin de la recherche : mercredi 18 mars 2009 17:37
Temps nécessaire: 39:55 Minute(s)
La recherche a été effectuée intégralement
5079 Les répertoires ont été contrôlés
204151 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
1 Des fichiers ont été classés comme suspects
1 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
204148 Fichiers non infectés
8259 Les archives ont été contrôlées
3 Avertissements
2 Consignes
58754 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
depuis que tes doigt de féé son arrivé tou va pour le mieu en tou cas je te remercie vraiment bcp pour le temp que tu a passer sur mes probleme et le resulta qui sen degage ,je n'aurrai jamai pu et su faire tou sa excelent
Logfile of random's system information tool 1.05 (written by random/random)
Run by audrey at 2009-03-18 18:07:46
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 26 GB (61%) free of 42 GB
Total RAM: 1015 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:00, on 18/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\audrey.NOM_ORDINATEUR\Bureau\RSIT.exe
C:\Program Files\trend micro\audrey.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6237794640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6315 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-27 308832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2009-02-06 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-27 185872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=cli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*isabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*isabled:Nero MediaHome"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*isabled:reader_sl"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*isabled:RealPlayer"
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*isabled:realsched"
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe:*isabled:CTLCMgr"
"C:\WINDOWS\system32\dumprep.exe"="C:\WINDOWS\system32\dumprep.exe:*isabledumprep"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*isabled:hkcmd"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*isabled:hpqSTE08"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*isabled:hpqtra08"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*isabled:igfxsrvc"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*isabled:NetMeeting"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*isabled:RTHDCPL"
"C:\Program Files\OpenOffice.org 2.0\program\soffice.bin"="C:\Program Files\OpenOffice.org 2.0\program\soffice.bin:*isabled:soffice"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*isabled:spoolsv"
"C:\Program Files\Windows Live\Messenger\usnsvc.exe"="C:\Program Files\Windows Live\Messenger\usnsvc.exe:*isabled:usnsvc"
"C:\WINDOWS\V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe:*isabled:V0420Mon"
"C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe:*isabled:WMAAD"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*isabled:wmiapsrv"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*isabled:wmiprvse"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"="C:\Program Files\Windows Media Player\wmpnscfg.exe:*isabled:WMPNSCFG"
"C:\Program Files\Common Files\X10\Common\X10nets.exe"="C:\Program Files\Common Files\X10\Common\X10nets.exe:*isabled:x10nets"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*isabled:Assistance à distance"
"C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe"="C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe:*isabled:ccSvcHst"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*isabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*isabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*isabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4988ade-98fe-11dc-b15f-0040d090bb30}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2009-03-18 15:33:55 ----D---- C:\ComboFix
2009-03-18 14:55:57 ----D---- C:\WINDOWS\ERUNT
2009-03-18 14:53:30 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-18 12:53:18 ----SHD---- C:\RECYCLER
2009-03-18 12:52:12 ----A---- C:\ComboFix.txt
2009-03-18 11:00:43 ----HDC---- C:\WINDOWS\ie8
2009-03-18 01:46:30 ----A---- C:\DirLook1.txt
2009-03-18 01:44:49 ----A---- C:\DirLook.txt
2009-03-18 00:46:40 ----A---- C:\resultat.txt
2009-03-17 20:29:21 ----A---- C:\Boot.bak
2009-03-17 20:29:16 ----RASHD---- C:\cmdcons
2009-03-17 20:07:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-16 16:15:13 ----D---- C:\WINDOWS\ERDNT
2009-03-16 15:52:57 ----D---- C:\Program Files\trend micro
2009-03-16 15:52:55 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2009-03-18 18:07:16 ----D---- C:\WINDOWS\Temp
2009-03-18 18:07:14 ----AC---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-18 18:06:48 ----RD---- C:\Program Files
2009-03-18 18:05:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 18:05:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-18 18:03:26 ----D---- C:\WINDOWS\system32\drivers
2009-03-18 18:03:25 ----D---- C:\WINDOWS\Prefetch
2009-03-18 16:16:48 ----D---- C:\Documents and Settings\audrey.NOM_ORDINATEUR\Application Data\AdobeUM
2009-03-18 16:15:18 ----SHD---- C:\WINDOWS\Installer
2009-03-18 16:15:14 ----HD---- C:\Config.Msi
2009-03-18 15:34:49 ----SHD---- C:\System Volume Information
2009-03-18 15:34:49 ----D---- C:\WINDOWS\system32\Restore
2009-03-18 15:34:14 ----D---- C:\WINDOWS
2009-03-18 15:34:09 ----D---- C:\WINDOWS\system32
2009-03-18 14:58:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-18 12:49:32 ----A---- C:\WINDOWS\system.ini
2009-03-18 12:48:00 ----D---- C:\WINDOWS\system32\config
2009-03-18 12:47:12 ----D---- C:\WINDOWS\AppPatch
2009-03-18 12:47:08 ----D---- C:\Program Files\Fichiers communs
2009-03-18 11:04:40 ----D---- C:\WINDOWS\system32\fr-fr
2009-03-18 11:04:39 ----D---- C:\WINDOWS\Media
2009-03-18 11:04:39 ----D---- C:\Program Files\Internet Explorer
2009-03-18 11:04:38 ----HD---- C:\WINDOWS\inf
2009-03-18 11:04:38 ----D---- C:\WINDOWS\Help
2009-03-17 20:29:21 ----RASH---- C:\boot.ini
2009-03-17 09:46:51 ----D---- C:\WINDOWS\system32\Lang
2009-03-17 09:46:07 ----A---- C:\WINDOWS\system32\svchost.exe
2009-03-16 11:22:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-14 13:01:06 ----D---- C:\Documents and Settings\audrey.NOM_ORDINATEUR\Application Data\OpenOffice.org2
2009-03-14 12:27:33 ----AC---- C:\WINDOWS\WORDPAD.INI
2009-03-14 12:24:29 ----D---- C:\Documents and Settings
2009-03-10 13:38:32 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-03-09 16:20:01 ----D---- C:\WINDOWS\system32\FxsTmp
2009-03-05 15:35:41 ----D---- C:\WINDOWS\network diagnostic
2009-03-05 10:56:41 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-12 255536]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2009-02-06 362544]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-12 306736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-12 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-12 198192]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-03-17 165504]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090318.006\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090318.006\NAVEX15.SYS []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-12 12976]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-12 89904]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-12 34608]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-12 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-12 24624]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-08 190560]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2005-07-26 140064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 826752]
S3 catchme;catchme; \??\C:\DOCUME~1\AUDREY~1.NOM\LOCALS~1\Temp\catchme.sys []
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-06 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0420VID;Live! Cam Vista IM (VF0420); C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-12 115560]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-03-17 14336]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ICScsiSV;Image Converter SCSI Service; C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
S3 IcVzMonLauncher;IcVzMonLauncher; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 43184]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-17 14336]
-----------------EOF-----------------
1/
- Désinstalle HijackThis.
- Télécharge ToolsCleaner2 sur ton Bureau.
- Double-clique sur ToolsCleaner2.exe pour le lancer.
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options Facultatives.
- Clique sur Quitter pour obtenir le rapport.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
2/
- Télécharge et installe CCleaner Slim.
- Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
- Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
- Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).
3/
- Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.
- Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.
==Prévention==
Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.
Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.
Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).
Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien
Par rapport au P2P : Lien
Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien
==Problème résolu ?==
Si tu estimes que ton problème est résolu :
---> Ajoute maintenant [Résolu] au titre. Pour cela :
- Clique, dans ton premier message, sur le bouton Editer
.
- Rajoute la mention [Résolu] devant le titre.
- Clique ensuite sur Valider votre message.
Sois plus vigilant(e) sur Internet
