Virus ds fichier ddl

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:29, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ba01aa28-5314-4742-b8bd-75cece9d257b} - C:\WINDOWS\system32\johabuji.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sidelovofi] Rundll32.exe "C:\WINDOWS\system32\yevazani.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [sidelovofi] Rundll32.exe "C:\WINDOWS\system32\yevazani.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230903626063&h=67b6e5cac13e22b62cbd29b1917b9af3/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\yimazitu.dll c:\windows\system32\vapudabi.dll C:\WINDOWS\system32\watusero.dll c:\windows\system32\sofapohe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/01/2009|22:01 )

--------------------\\ Listing des dossiers dans APPLIC~1

[06/01/2006|05:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[10/08/2006|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer
[06/01/2006|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[17/07/2007|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/12/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[06/01/2006|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/12/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[08/04/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[28/12/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/12/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[28/12/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/06/2007|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/02/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[16/08/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[17/12/2006|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/12/2006|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[21/10/2007|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/12/2006|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/08/2006|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[19/08/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
[26/11/2006|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/12/2006|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[07/10/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[06/01/2006|05:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/11/2006|17:44] C:\DOCUME~1\edwige\APPLIC~1\ACD Systems
[10/08/2006|06:20] C:\DOCUME~1\edwige\APPLIC~1\Acer
[10/09/2008|22:23] C:\DOCUME~1\edwige\APPLIC~1\Adobe
[14/08/2006|21:12] C:\DOCUME~1\edwige\APPLIC~1\AdobeAUM
[15/07/2008|19:55] C:\DOCUME~1\edwige\APPLIC~1\AdobeUM
[25/01/2007|17:46] C:\DOCUME~1\edwige\APPLIC~1\Angkor
[08/08/2007|11:38] C:\DOCUME~1\edwige\APPLIC~1\Apple Computer
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\ConvertTemp
[10/08/2006|07:14] C:\DOCUME~1\edwige\APPLIC~1\CyberLink
[29/08/2006|17:51] C:\DOCUME~1\edwige\APPLIC~1\EfHome
[24/08/2006|13:52] C:\DOCUME~1\edwige\APPLIC~1\EPSON
[27/11/2006|11:13] C:\DOCUME~1\edwige\APPLIC~1\funkitron
[18/01/2007|18:04] C:\DOCUME~1\edwige\APPLIC~1\Gaijin Ent
[26/05/2007|12:47] C:\DOCUME~1\edwige\APPLIC~1\gtk-2.0
[10/08/2006|07:10] C:\DOCUME~1\edwige\APPLIC~1\Help
[06/01/2006|05:36] C:\DOCUME~1\edwige\APPLIC~1\Identities
[16/08/2006|16:09] C:\DOCUME~1\edwige\APPLIC~1\Leadertech
[02/01/2009|22:07] C:\DOCUME~1\edwige\APPLIC~1\LimeWire
[10/08/2006|06:14] C:\DOCUME~1\edwige\APPLIC~1\Macromedia
[28/12/2008|17:06] C:\DOCUME~1\edwige\APPLIC~1\Malwarebytes
[04/05/2008|10:38] C:\DOCUME~1\edwige\APPLIC~1\Media Player Classic
[31/05/2008|10:53] C:\DOCUME~1\edwige\APPLIC~1\Microsoft
[13/10/2007|14:38] C:\DOCUME~1\edwige\APPLIC~1\Nero
[05/01/2009|08:41] C:\DOCUME~1\edwige\APPLIC~1\OpenOffice.org2
[17/12/2006|12:35] C:\DOCUME~1\edwige\APPLIC~1\PlayFirst
[09/12/2007|21:35] C:\DOCUME~1\edwige\APPLIC~1\Real
[28/12/2008|15:03] C:\DOCUME~1\edwige\APPLIC~1\Samsung
[23/03/2007|15:45] C:\DOCUME~1\edwige\APPLIC~1\Screenshot Sender
[05/01/2009|18:42] C:\DOCUME~1\edwige\APPLIC~1\Software Informer
[29/08/2006|17:35] C:\DOCUME~1\edwige\APPLIC~1\SPB
[05/01/2007|10:07] C:\DOCUME~1\edwige\APPLIC~1\Sun
[14/08/2006|21:26] C:\DOCUME~1\edwige\APPLIC~1\Template
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\Temporary
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\TransRender
[30/10/2008|10:35] C:\DOCUME~1\edwige\APPLIC~1\U3
[05/01/2009|21:28] C:\DOCUME~1\edwige\APPLIC~1\uTorrent
[19/08/2008|18:49] C:\DOCUME~1\edwige\APPLIC~1\VadeRetro
[15/02/2007|19:57] C:\DOCUME~1\edwige\APPLIC~1\WhenU
[04/09/2007|15:21] C:\DOCUME~1\edwige\APPLIC~1\WinRAR

[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[06/01/2006|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2006|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/01/2009 08:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/01/2006|05:52] C:\Program Files\Acer
[06/01/2006|05:50] C:\Program Files\Acer Inc
[06/01/2006|05:51] C:\Program Files\Adobe
[12/11/2006|16:32] C:\Program Files\Alwil Software
[12/11/2006|17:36] C:\Program Files\American Systems
[03/03/2008|20:44] C:\Program Files\Apple Software Update
[07/12/2008|19:52] C:\Program Files\Avira
[06/01/2006|05:29] C:\Program Files\ComPlus Applications
[06/01/2006|05:42] C:\Program Files\CONEXANT
[06/01/2006|05:53] C:\Program Files\CyberLink
[15/02/2007|19:56] C:\Program Files\DAEMON Tools
[28/05/2007|12:16] C:\Program Files\EA GAMES
[28/06/2008|12:28] C:\Program Files\ElcomSoft
[12/08/2008|11:56] C:\Program Files\epson
[16/03/2008|15:13] C:\Program Files\FBrowserAdvisor
[16/03/2008|15:13] C:\Program Files\FBrowsingAdvisor
[28/12/2008|14:43] C:\Program Files\Fichiers communs
[30/12/2008|23:16] C:\Program Files\Free Download Manager
[08/01/2007|18:40] C:\Program Files\Google
[19/08/2008|19:12] C:\Program Files\Goto Software
[28/12/2008|15:17] C:\Program Files\Grisoft
[20/12/2008|19:36] C:\Program Files\Guillemot
[26/06/2007|17:02] C:\Program Files\Hasbro Interactive
[29/12/2008|00:03] C:\Program Files\InstallShield Installation Information
[06/01/2006|05:37] C:\Program Files\Intel
[13/12/2008|11:06] C:\Program Files\Internet Explorer
[28/12/2008|18:11] C:\Program Files\InternetProgram
[03/03/2008|20:47] C:\Program Files\iPod
[02/01/2009|14:41] C:\Program Files\Java
[25/08/2007|21:32] C:\Program Files\Launch Manager
[28/12/2008|14:15] C:\Program Files\Lavasoft
[03/05/2008|16:52] C:\Program Files\LimeWire
[26/11/2006|18:48] C:\Program Files\Livre Album Fuji Photo
[29/08/2006|17:34] C:\Program Files\Logiciel D'Album De Spector
[14/08/2006|22:09] C:\Program Files\Logitech
[30/12/2008|23:19] C:\Program Files\ma-config.com
[28/12/2008|17:06] C:\Program Files\Malwarebytes' Anti-Malware
[08/06/2008|19:46] C:\Program Files\MediaCoder Audio Edition
[02/12/2008|11:42] C:\Program Files\Messenger
[08/09/2008|18:55] C:\Program Files\Messenger Plus! Live
[05/06/2008|19:06] C:\Program Files\MessengerPlus! 3
[01/09/2008|15:51] C:\Program Files\Micro Application
[09/05/2007|20:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/01/2006|05:31] C:\Program Files\microsoft frontpage
[10/08/2006|06:25] C:\Program Files\Microsoft Office
[10/08/2006|06:24] C:\Program Files\Microsoft Works
[02/12/2008|11:10] C:\Program Files\Movie Maker
[02/12/2008|11:10] C:\Program Files\msn
[06/01/2006|05:29] C:\Program Files\MSN Gaming Zone
[17/11/2006|16:34] C:\Program Files\MSXML 4.0
[13/11/2008|01:14] C:\Program Files\MSXML 6.0
[04/01/2009|01:02] C:\Program Files\Navilog1
[02/12/2008|11:05] C:\Program Files\NetMeeting
[06/01/2006|05:58] C:\Program Files\NewTech Infosystems
[16/08/2008|10:07] C:\Program Files\NOS
[06/01/2006|05:29] C:\Program Files\Online Services
[10/09/2008|21:25] C:\Program Files\OpenOffice.org 2.4
[30/09/2006|16:20] C:\Program Files\orange
[02/12/2008|11:05] C:\Program Files\Outlook Express
[06/11/2007|20:55] C:\Program Files\Picasa2
[23/11/2007|15:32] C:\Program Files\QuickTime
[09/12/2007|21:30] C:\Program Files\Real
[29/12/2008|00:03] C:\Program Files\Realtek
[15/03/2007|17:37] C:\Program Files\Samsung
[10/08/2006|06:51] C:\Program Files\Securitoo
[06/01/2006|05:30] C:\Program Files\Services en ligne
[09/03/2008|12:22] C:\Program Files\SLD Codec Pack
[28/12/2008|22:23] C:\Program Files\Software Informer
[06/01/2006|05:48] C:\Program Files\Synaptics
[05/01/2009|21:47] C:\Program Files\Trend Micro
[06/01/2006|05:36] C:\Program Files\Uninstall Information
[11/06/2008|09:38] C:\Program Files\uTorrent
[09/03/2008|12:24] C:\Program Files\VideoLAN
[28/06/2008|12:30] C:\Program Files\Wanadoo
[15/02/2007|19:06] C:\Program Files\WinAVI Video Converter
[04/06/2007|18:31] C:\Program Files\Windows Live
[09/03/2008|12:25] C:\Program Files\Windows Live Toolbar
[02/01/2009|21:52] C:\Program Files\Windows Media Connect 2
[02/12/2008|11:05] C:\Program Files\Windows Media Player
[02/12/2008|11:05] C:\Program Files\Windows NT
[06/01/2006|05:30] C:\Program Files\WindowsUpdate
[10/08/2006|06:17] C:\Program Files\WinPCap
[04/09/2007|15:21] C:\Program Files\WinRAR
[06/01/2006|05:31] C:\Program Files\xerox
[16/08/2006|19:14] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/11/2006|17:42] C:\Program Files\Fichiers communs\ACD Systems
[06/01/2006|05:51] C:\Program Files\Fichiers communs\Adobe
[26/05/2007|12:43] C:\Program Files\Fichiers communs\GTK
[06/01/2006|05:37] C:\Program Files\Fichiers communs\InstallShield
[14/08/2006|22:09] C:\Program Files\Fichiers communs\Logitech
[07/10/2007|08:32] C:\Program Files\Fichiers communs\Microsoft Shared
[06/01/2006|05:30] C:\Program Files\Fichiers communs\MSSoap
[06/01/2006|05:58] C:\Program Files\Fichiers communs\muvee Technologies
[06/01/2006|05:58] C:\Program Files\Fichiers communs\NewTech Infosystems
[06/01/2006|05:25] C:\Program Files\Fichiers communs\ODBC
[09/12/2007|21:30] C:\Program Files\Fichiers communs\Real
[06/01/2006|05:30] C:\Program Files\Fichiers communs\Services
[06/01/2006|05:25] C:\Program Files\Fichiers communs\SpeechEngines
[08/03/2008|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[02/12/2008|11:05] C:\Program Files\Fichiers communs\System
[15/02/2007|19:57] C:\Program Files\Fichiers communs\WhenU
[28/12/2008|14:14] C:\Program Files\Fichiers communs\Wise Installation Wizard
[09/12/2007|21:31] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 69 Processes )

iexplore.exe ~ [PID:3288]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh7.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh8.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nsn48.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nso49.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nsr4C.tmp
C:\DOCUME~1\edwige\Cookies\edwige@advertising[1].txt
C:\DOCUME~1\edwige\Cookies\edwige@cotedazurpalace[2].txt
C:\DOCUME~1\edwige\Cookies\edwige@www.cotedazurpalace[1].txt
C:\DOCUME~1\edwige\Cookies\edwige@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:05:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 416

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:701][D:22]-> C:\DOCUME~1\edwige\LOCALS~1\Temp
[F:141][D:0]-> C:\DOCUME~1\edwige\Cookies
[F:6197][D:8]-> C:\DOCUME~1\edwige\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009|22:07 - Option : [1]

--------------------\\ Fin du rapport a 22:07:26

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 05/01/2009|22:11 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh7.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh8.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsn48.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nso49.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsr4C.tmp
Supprime! - C:\DOCUME~1\edwige\Cookies\edwige@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\edwige\Cookies\edwige@www.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\edwige\Cookies\edwige@adopt.euroclick[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[06/01/2006|05:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[10/08/2006|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer
[06/01/2006|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[17/07/2007|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/12/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[06/01/2006|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/12/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[08/04/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[28/12/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/12/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[28/12/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/06/2007|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/02/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[16/08/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[17/12/2006|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/12/2006|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[21/10/2007|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/12/2006|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/08/2006|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[19/08/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
[26/11/2006|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/12/2006|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[07/10/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[06/01/2006|05:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/11/2006|17:44] C:\DOCUME~1\edwige\APPLIC~1\ACD Systems
[10/08/2006|06:20] C:\DOCUME~1\edwige\APPLIC~1\Acer
[10/09/2008|22:23] C:\DOCUME~1\edwige\APPLIC~1\Adobe
[14/08/2006|21:12] C:\DOCUME~1\edwige\APPLIC~1\AdobeAUM
[15/07/2008|19:55] C:\DOCUME~1\edwige\APPLIC~1\AdobeUM
[25/01/2007|17:46] C:\DOCUME~1\edwige\APPLIC~1\Angkor
[08/08/2007|11:38] C:\DOCUME~1\edwige\APPLIC~1\Apple Computer
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\ConvertTemp
[10/08/2006|07:14] C:\DOCUME~1\edwige\APPLIC~1\CyberLink
[29/08/2006|17:51] C:\DOCUME~1\edwige\APPLIC~1\EfHome
[24/08/2006|13:52] C:\DOCUME~1\edwige\APPLIC~1\EPSON
[27/11/2006|11:13] C:\DOCUME~1\edwige\APPLIC~1\funkitron
[18/01/2007|18:04] C:\DOCUME~1\edwige\APPLIC~1\Gaijin Ent
[26/05/2007|12:47] C:\DOCUME~1\edwige\APPLIC~1\gtk-2.0
[10/08/2006|07:10] C:\DOCUME~1\edwige\APPLIC~1\Help
[06/01/2006|05:36] C:\DOCUME~1\edwige\APPLIC~1\Identities
[16/08/2006|16:09] C:\DOCUME~1\edwige\APPLIC~1\Leadertech
[02/01/2009|22:07] C:\DOCUME~1\edwige\APPLIC~1\LimeWire
[10/08/2006|06:14] C:\DOCUME~1\edwige\APPLIC~1\Macromedia
[28/12/2008|17:06] C:\DOCUME~1\edwige\APPLIC~1\Malwarebytes
[04/05/2008|10:38] C:\DOCUME~1\edwige\APPLIC~1\Media Player Classic
[31/05/2008|10:53] C:\DOCUME~1\edwige\APPLIC~1\Microsoft
[13/10/2007|14:38] C:\DOCUME~1\edwige\APPLIC~1\Nero
[05/01/2009|08:41] C:\DOCUME~1\edwige\APPLIC~1\OpenOffice.org2
[17/12/2006|12:35] C:\DOCUME~1\edwige\APPLIC~1\PlayFirst
[09/12/2007|21:35] C:\DOCUME~1\edwige\APPLIC~1\Real
[28/12/2008|15:03] C:\DOCUME~1\edwige\APPLIC~1\Samsung
[23/03/2007|15:45] C:\DOCUME~1\edwige\APPLIC~1\Screenshot Sender
[05/01/2009|18:42] C:\DOCUME~1\edwige\APPLIC~1\Software Informer
[29/08/2006|17:35] C:\DOCUME~1\edwige\APPLIC~1\SPB
[05/01/2007|10:07] C:\DOCUME~1\edwige\APPLIC~1\Sun
[14/08/2006|21:26] C:\DOCUME~1\edwige\APPLIC~1\Template
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\Temporary
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\TransRender
[30/10/2008|10:35] C:\DOCUME~1\edwige\APPLIC~1\U3
[05/01/2009|21:28] C:\DOCUME~1\edwige\APPLIC~1\uTorrent
[19/08/2008|18:49] C:\DOCUME~1\edwige\APPLIC~1\VadeRetro
[15/02/2007|19:57] C:\DOCUME~1\edwige\APPLIC~1\WhenU
[04/09/2007|15:21] C:\DOCUME~1\edwige\APPLIC~1\WinRAR

[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[06/01/2006|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2006|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/01/2009 08:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/01/2006|05:52] C:\Program Files\Acer
[06/01/2006|05:50] C:\Program Files\Acer Inc
[06/01/2006|05:51] C:\Program Files\Adobe
[12/11/2006|16:32] C:\Program Files\Alwil Software
[12/11/2006|17:36] C:\Program Files\American Systems
[03/03/2008|20:44] C:\Program Files\Apple Software Update
[07/12/2008|19:52] C:\Program Files\Avira
[06/01/2006|05:29] C:\Program Files\ComPlus Applications
[06/01/2006|05:42] C:\Program Files\CONEXANT
[06/01/2006|05:53] C:\Program Files\CyberLink
[15/02/2007|19:56] C:\Program Files\DAEMON Tools
[28/05/2007|12:16] C:\Program Files\EA GAMES
[28/06/2008|12:28] C:\Program Files\ElcomSoft
[12/08/2008|11:56] C:\Program Files\epson
[16/03/2008|15:13] C:\Program Files\FBrowserAdvisor
[16/03/2008|15:13] C:\Program Files\FBrowsingAdvisor
[28/12/2008|14:43] C:\Program Files\Fichiers communs
[30/12/2008|23:16] C:\Program Files\Free Download Manager
[08/01/2007|18:40] C:\Program Files\Google
[19/08/2008|19:12] C:\Program Files\Goto Software
[28/12/2008|15:17] C:\Program Files\Grisoft
[20/12/2008|19:36] C:\Program Files\Guillemot
[26/06/2007|17:02] C:\Program Files\Hasbro Interactive
[29/12/2008|00:03] C:\Program Files\InstallShield Installation Information
[06/01/2006|05:37] C:\Program Files\Intel
[13/12/2008|11:06] C:\Program Files\Internet Explorer
[28/12/2008|18:11] C:\Program Files\InternetProgram
[03/03/2008|20:47] C:\Program Files\iPod
[02/01/2009|14:41] C:\Program Files\Java
[25/08/2007|21:32] C:\Program Files\Launch Manager
[28/12/2008|14:15] C:\Program Files\Lavasoft
[03/05/2008|16:52] C:\Program Files\LimeWire
[26/11/2006|18:48] C:\Program Files\Livre Album Fuji Photo
[29/08/2006|17:34] C:\Program Files\Logiciel D'Album De Spector
[14/08/2006|22:09] C:\Program Files\Logitech
[30/12/2008|23:19] C:\Program Files\ma-config.com
[28/12/2008|17:06] C:\Program Files\Malwarebytes' Anti-Malware
[08/06/2008|19:46] C:\Program Files\MediaCoder Audio Edition
[02/12/2008|11:42] C:\Program Files\Messenger
[08/09/2008|18:55] C:\Program Files\Messenger Plus! Live
[05/06/2008|19:06] C:\Program Files\MessengerPlus! 3
[01/09/2008|15:51] C:\Program Files\Micro Application
[09/05/2007|20:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/01/2006|05:31] C:\Program Files\microsoft frontpage
[10/08/2006|06:25] C:\Program Files\Microsoft Office
[10/08/2006|06:24] C:\Program Files\Microsoft Works
[02/12/2008|11:10] C:\Program Files\Movie Maker
[02/12/2008|11:10] C:\Program Files\msn
[06/01/2006|05:29] C:\Program Files\MSN Gaming Zone
[17/11/2006|16:34] C:\Program Files\MSXML 4.0
[13/11/2008|01:14] C:\Program Files\MSXML 6.0
[04/01/2009|01:02] C:\Program Files\Navilog1
[02/12/2008|11:05] C:\Program Files\NetMeeting
[06/01/2006|05:58] C:\Program Files\NewTech Infosystems
[16/08/2008|10:07] C:\Program Files\NOS
[06/01/2006|05:29] C:\Program Files\Online Services
[10/09/2008|21:25] C:\Program Files\OpenOffice.org 2.4
[30/09/2006|16:20] C:\Program Files\orange
[02/12/2008|11:05] C:\Program Files\Outlook Express
[06/11/2007|20:55] C:\Program Files\Picasa2
[23/11/2007|15:32] C:\Program Files\QuickTime
[09/12/2007|21:30] C:\Program Files\Real
[29/12/2008|00:03] C:\Program Files\Realtek
[15/03/2007|17:37] C:\Program Files\Samsung
[10/08/2006|06:51] C:\Program Files\Securitoo
[06/01/2006|05:30] C:\Program Files\Services en ligne
[09/03/2008|12:22] C:\Program Files\SLD Codec Pack
[28/12/2008|22:23] C:\Program Files\Software Informer
[06/01/2006|05:48] C:\Program Files\Synaptics
[05/01/2009|21:47] C:\Program Files\Trend Micro
[06/01/2006|05:36] C:\Program Files\Uninstall Information
[11/06/2008|09:38] C:\Program Files\uTorrent
[09/03/2008|12:24] C:\Program Files\VideoLAN
[28/06/2008|12:30] C:\Program Files\Wanadoo
[15/02/2007|19:06] C:\Program Files\WinAVI Video Converter
[04/06/2007|18:31] C:\Program Files\Windows Live
[09/03/2008|12:25] C:\Program Files\Windows Live Toolbar
[02/01/2009|21:52] C:\Program Files\Windows Media Connect 2
[02/12/2008|11:05] C:\Program Files\Windows Media Player
[02/12/2008|11:05] C:\Program Files\Windows NT
[06/01/2006|05:30] C:\Program Files\WindowsUpdate
[10/08/2006|06:17] C:\Program Files\WinPCap
[04/09/2007|15:21] C:\Program Files\WinRAR
[06/01/2006|05:31] C:\Program Files\xerox
[16/08/2006|19:14] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/11/2006|17:42] C:\Program Files\Fichiers communs\ACD Systems
[06/01/2006|05:51] C:\Program Files\Fichiers communs\Adobe
[26/05/2007|12:43] C:\Program Files\Fichiers communs\GTK
[06/01/2006|05:37] C:\Program Files\Fichiers communs\InstallShield
[14/08/2006|22:09] C:\Program Files\Fichiers communs\Logitech
[07/10/2007|08:32] C:\Program Files\Fichiers communs\Microsoft Shared
[06/01/2006|05:30] C:\Program Files\Fichiers communs\MSSoap
[06/01/2006|05:58] C:\Program Files\Fichiers communs\muvee Technologies
[06/01/2006|05:58] C:\Program Files\Fichiers communs\NewTech Infosystems
[06/01/2006|05:25] C:\Program Files\Fichiers communs\ODBC
[09/12/2007|21:30] C:\Program Files\Fichiers communs\Real
[06/01/2006|05:30] C:\Program Files\Fichiers communs\Services
[06/01/2006|05:25] C:\Program Files\Fichiers communs\SpeechEngines
[08/03/2008|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[02/12/2008|11:05] C:\Program Files\Fichiers communs\System
[15/02/2007|19:57] C:\Program Files\Fichiers communs\WhenU
[28/12/2008|14:14] C:\Program Files\Fichiers communs\Wise Installation Wizard
[09/12/2007|21:31] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 67 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\edwige\Cookies\edwige@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:15:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 416

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:690][D:19]-> C:\DOCUME~1\edwige\LOCALS~1\Temp
[F:138][D:0]-> C:\DOCUME~1\edwige\Cookies
[F:6259][D:8]-> C:\DOCUME~1\edwige\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009|22:07 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/01/2009|22:17 - Option : [2]

--------------------\\ Fin du rapport a 22:17:36

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1562
Windows 5.1.2600 Service Pack 3

05/01/2009 23:13:38
mbam-log-2009-01-05 (23-13-38).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 108022
Temps écoulé: 50 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\watusero.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yevazani.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\johabuji.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kanolalo.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba01aa28-5314-4742-b8bd-75cece9d257b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba01aa28-5314-4742-b8bd-75cece9d257b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba01aa28-5314-4742-b8bd-75cece9d257b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sidelovofi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\watusero.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\watusero.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\watusero.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\yevazani.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\johabuji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\watusero.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP632\A0074036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP632\A0074035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP632\A0074037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tobirugo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ramegige.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fegenope.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ropoligi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kedohugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\katowola.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vozobiya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kanolalo.dll (Trojan.Vundo) -> Delete on reboot.

SmitFraudFix v2.388

Rapport fait à 23:22:51,71, 05/01/2009
Executé à partir de C:\Documents and Settings\edwige\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\edwige\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\edwige


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\edwige\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\edwige\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\edwige\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\yimazitu.dll c:\\windows\\system32\\vapudabi.dll c:\\windows\\system32\\sofapohe.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:26, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [sidelovofi] Rundll32.exe "C:\WINDOWS\system32\yevazani.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230903626063&h=67b6e5cac13e22b62cbd29b1917b9af3/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\yimazitu.dll c:\windows\system32\vapudabi.dll c:\windows\system32\sofapohe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

nn c bn le rapport a fini par s'ouvrir
voir au dessus

ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 22:00 . 2009-01-05 22:17 <REP> d-------- C:\Lop SD
2009-01-05 21:47 . 2009-01-05 21:47 <REP> d-------- c:\program files\Trend Micro
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-04 01:00 . 2006-01-06 05:25 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-04 01:00 . 2009-01-04 01:00 <REP> d-------- c:\documents and settings\Administrateur
2009-01-02 14:41 . 2009-01-02 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-29 00:04 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-29 00:03 . 2008-12-29 00:03 <REP> d-------- c:\program files\Realtek
2008-12-28 22:26 . 2008-12-30 23:14 <REP> d-------- C:\Downloads
2008-12-28 22:24 . 2009-01-05 23:17 <REP> d-------- c:\documents and settings\edwige\Application Data\Software Informer
2008-12-28 22:23 . 2008-12-28 22:23 <REP> d-------- c:\program files\Software Informer
2008-12-28 22:23 . 2008-12-30 23:16 <REP> d-------- c:\program files\Free Download Manager
2008-12-28 20:42 . 2008-12-30 23:19 <REP> d-------- c:\program files\ma-config.com
2008-12-28 20:42 . 2008-12-30 23:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\edwige\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 15:18 . 2008-12-28 15:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-28 14:15 . 2008-12-28 14:15 <REP> d-------- c:\program files\Lavasoft
2008-12-28 14:15 . 2008-12-28 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-28 13:43 . 2009-01-02 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 13:36 . 2008-12-28 13:36 2,724 ---hs---- c:\windows\system32\nezogeju.dll
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-20 19:36 . 2008-12-20 19:36 <REP> d-------- c:\program files\Guillemot
2008-12-20 19:36 . 2007-03-23 14:57 118,784 --a------ c:\windows\system32\HDJAPI.dll
2008-12-20 19:36 . 2005-01-28 12:49 106,496 --a------ c:\windows\system32\GUStrLib.dll
2008-12-20 19:36 . 2007-01-09 14:47 86,016 --a------ c:\windows\system32\HRFDongle.dll
2008-12-20 19:36 . 2007-02-08 19:23 39,296 --a------ c:\windows\system32\drivers\HDJMidi.sys
2008-12-20 19:36 . 2007-03-23 14:58 23,040 --a------ c:\windows\system32\HDJSAPI.dll
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\program files\Avira
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:44 --------- d-----w c:\documents and settings\edwige\Application Data\OpenOffice.org2
2009-01-05 20:28 --------- d-----w c:\documents and settings\edwige\Application Data\uTorrent
2009-01-04 00:02 --------- d-----w c:\program files\Navilog1
2009-01-02 21:07 --------- d-----w c:\documents and settings\edwige\Application Data\LimeWire
2009-01-02 20:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-02 13:41 --------- d-----w c:\program files\Java
2008-12-28 23:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:11 --------- d-----w c:\program files\InternetProgram
2008-12-28 14:03 --------- d-----w c:\documents and settings\edwige\Application Data\Samsung
2008-12-28 13:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 17:12 4,967,424 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-12-23 10:34 18,077,696 ----a-w c:\windows\RTHDCPL.EXE
2008-11-13 00:14 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 16:19 7,142 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2008-10-23 16:42 290,816 ----a-w c:\windows\vncutil.exe
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
1601-01-01 00:12 39,936 --sha-w c:\windows\system32\nunuwege.dll
1601-01-01 00:12 40,960 --sha-w c:\windows\system32\vawinaso.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2008-12-18 1667141]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\epm-dm.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIACE.EXE"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-08-10 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-08-10 4392]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-08-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-08-10 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-08-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-08-10 4010]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-20 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e72898-2c81-11db-bc5b-00166f44482b}]
\Shell\AutoRun\command - F:\Loader.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6697df4-8425-11dd-bf6c-00166f44482b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef177916-99d0-11dc-be48-00166f44482b}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:43:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-05 23:47:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-05 22:47:31

Avant-CF: 6 680 393 728 octets libres
Après-CF: 6,868,678,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-20 17:31:51

voici,
ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 22:00 . 2009-01-05 22:17 <REP> d-------- C:\Lop SD
2009-01-05 21:47 . 2009-01-05 21:47 <REP> d-------- c:\program files\Trend Micro
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-04 01:00 . 2006-01-06 05:25 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-04 01:00 . 2009-01-04 01:00 <REP> d-------- c:\documents and settings\Administrateur
2009-01-02 14:41 . 2009-01-02 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-29 00:04 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-29 00:03 . 2008-12-29 00:03 <REP> d-------- c:\program files\Realtek
2008-12-28 22:26 . 2008-12-30 23:14 <REP> d-------- C:\Downloads
2008-12-28 22:24 . 2009-01-05 23:17 <REP> d-------- c:\documents and settings\edwige\Application Data\Software Informer
2008-12-28 22:23 . 2008-12-28 22:23 <REP> d-------- c:\program files\Software Informer
2008-12-28 22:23 . 2008-12-30 23:16 <REP> d-------- c:\program files\Free Download Manager
2008-12-28 20:42 . 2008-12-30 23:19 <REP> d-------- c:\program files\ma-config.com
2008-12-28 20:42 . 2008-12-30 23:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\edwige\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 15:18 . 2008-12-28 15:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-28 14:15 . 2008-12-28 14:15 <REP> d-------- c:\program files\Lavasoft
2008-12-28 14:15 . 2008-12-28 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-28 13:43 . 2009-01-02 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 13:36 . 2008-12-28 13:36 2,724 ---hs---- c:\windows\system32\nezogeju.dll
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-20 19:36 . 2008-12-20 19:36 <REP> d-------- c:\program files\Guillemot
2008-12-20 19:36 . 2007-03-23 14:57 118,784 --a------ c:\windows\system32\HDJAPI.dll
2008-12-20 19:36 . 2005-01-28 12:49 106,496 --a------ c:\windows\system32\GUStrLib.dll
2008-12-20 19:36 . 2007-01-09 14:47 86,016 --a------ c:\windows\system32\HRFDongle.dll
2008-12-20 19:36 . 2007-02-08 19:23 39,296 --a------ c:\windows\system32\drivers\HDJMidi.sys
2008-12-20 19:36 . 2007-03-23 14:58 23,040 --a------ c:\windows\system32\HDJSAPI.dll
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\program files\Avira
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:44 --------- d-----w c:\documents and settings\edwige\Application Data\OpenOffice.org2
2009-01-05 20:28 --------- d-----w c:\documents and settings\edwige\Application Data\uTorrent
2009-01-04 00:02 --------- d-----w c:\program files\Navilog1
2009-01-02 21:07 --------- d-----w c:\documents and settings\edwige\Application Data\LimeWire
2009-01-02 20:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-02 13:41 --------- d-----w c:\program files\Java
2008-12-28 23:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:11 --------- d-----w c:\program files\InternetProgram
2008-12-28 14:03 --------- d-----w c:\documents and settings\edwige\Application Data\Samsung
2008-12-28 13:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 17:12 4,967,424 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-12-23 10:34 18,077,696 ----a-w c:\windows\RTHDCPL.EXE
2008-11-13 00:14 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 16:19 7,142 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2008-10-23 16:42 290,816 ----a-w c:\windows\vncutil.exe
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
1601-01-01 00:12 39,936 --sha-w c:\windows\system32\nunuwege.dll
1601-01-01 00:12 40,960 --sha-w c:\windows\system32\vawinaso.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2008-12-18 1667141]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\epm-dm.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIACE.EXE"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-08-10 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-08-10 4392]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-08-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-08-10 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-08-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-08-10 4010]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-20 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e72898-2c81-11db-bc5b-00166f44482b}]
\Shell\AutoRun\command - F:\Loader.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6697df4-8425-11dd-bf6c-00166f44482b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef177916-99d0-11dc-be48-00166f44482b}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:43:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-05 23:47:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-05 22:47:31

Avant-CF: 6 680 393 728 octets libres
Après-CF: 6,868,678,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-20 17:31:51

voici,
ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 22:00 . 2009-01-05 22:17 <REP> d-------- C:\Lop SD
2009-01-05 21:47 . 2009-01-05 21:47 <REP> d-------- c:\program files\Trend Micro
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-04 01:00 . 2006-01-06 05:25 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-04 01:00 . 2009-01-04 01:00 <REP> d-------- c:\documents and settings\Administrateur
2009-01-02 14:41 . 2009-01-02 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-29 00:04 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-29 00:03 . 2008-12-29 00:03 <REP> d-------- c:\program files\Realtek
2008-12-28 22:26 . 2008-12-30 23:14 <REP> d-------- C:\Downloads
2008-12-28 22:24 . 2009-01-05 23:17 <REP> d-------- c:\documents and settings\edwige\Application Data\Software Informer
2008-12-28 22:23 . 2008-12-28 22:23 <REP> d-------- c:\program files\Software Informer
2008-12-28 22:23 . 2008-12-30 23:16 <REP> d-------- c:\program files\Free Download Manager
2008-12-28 20:42 . 2008-12-30 23:19 <REP> d-------- c:\program files\ma-config.com
2008-12-28 20:42 . 2008-12-30 23:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\edwige\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 15:18 . 2008-12-28 15:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-28 14:15 . 2008-12-28 14:15 <REP> d-------- c:\program files\Lavasoft
2008-12-28 14:15 . 2008-12-28 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-28 13:43 . 2009-01-02 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 13:36 . 2008-12-28 13:36 2,724 ---hs---- c:\windows\system32\nezogeju.dll
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-20 19:36 . 2008-12-20 19:36 <REP> d-------- c:\program files\Guillemot
2008-12-20 19:36 . 2007-03-23 14:57 118,784 --a------ c:\windows\system32\HDJAPI.dll
2008-12-20 19:36 . 2005-01-28 12:49 106,496 --a------ c:\windows\system32\GUStrLib.dll
2008-12-20 19:36 . 2007-01-09 14:47 86,016 --a------ c:\windows\system32\HRFDongle.dll
2008-12-20 19:36 . 2007-02-08 19:23 39,296 --a------ c:\windows\system32\drivers\HDJMidi.sys
2008-12-20 19:36 . 2007-03-23 14:58 23,040 --a------ c:\windows\system32\HDJSAPI.dll
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\program files\Avira
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:44 --------- d-----w c:\documents and settings\edwige\Application Data\OpenOffice.org2
2009-01-05 20:28 --------- d-----w c:\documents and settings\edwige\Application Data\uTorrent
2009-01-04 00:02 --------- d-----w c:\program files\Navilog1
2009-01-02 21:07 --------- d-----w c:\documents and settings\edwige\Application Data\LimeWire
2009-01-02 20:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-02 13:41 --------- d-----w c:\program files\Java
2008-12-28 23:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:11 --------- d-----w c:\program files\InternetProgram
2008-12-28 14:03 --------- d-----w c:\documents and settings\edwige\Application Data\Samsung
2008-12-28 13:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 17:12 4,967,424 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-12-23 10:34 18,077,696 ----a-w c:\windows\RTHDCPL.EXE
2008-11-13 00:14 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 16:19 7,142 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2008-10-23 16:42 290,816 ----a-w c:\windows\vncutil.exe
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
1601-01-01 00:12 39,936 --sha-w c:\windows\system32\nunuwege.dll
1601-01-01 00:12 40,960 --sha-w c:\windows\system32\vawinaso.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2008-12-18 1667141]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\epm-dm.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIACE.EXE"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-08-10 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-08-10 4392]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-08-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-08-10 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-08-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-08-10 4010]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-20 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e72898-2c81-11db-bc5b-00166f44482b}]
\Shell\AutoRun\command - F:\Loader.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6697df4-8425-11dd-bf6c-00166f44482b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef177916-99d0-11dc-be48-00166f44482b}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:43:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-05 23:47:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-05 22:47:31

Avant-CF: 6 680 393 728 octets libres
Après-CF: 6,868,678,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-20 17:31:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:47, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230903626063&h=67b6e5cac13e22b62cbd29b1917b9af3/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 06/01/2009| 0:10 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\InternetProgram
C:\Program Files\InternetProgram\InternetProgram.dat
C:\Program Files\InternetProgram\pcre3.dll
C:\Program Files\InternetProgram\uninstall.exe
C:\DOCUME~1\edwige\APPLIC~1\WhenU
C:\DOCUME~1\edwige\APPLIC~1\WhenU\dtStore.dat
C:\Program Files\Fichiers communs\WhenU
C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.orange.fr/portail"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 06/01/2009| 0:11 - Option : [1]

-----------\\ Fin du rapport a 0:11:11,71

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 06/01/2009| 9:32 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\InternetProgram\InternetProgram.dat
Supprime! - C:\Program Files\InternetProgram\pcre3.dll
Supprime! - C:\Program Files\InternetProgram\uninstall.exe
Supprime! - C:\DOCUME~1\edwige\APPLIC~1\WhenU\dtStore.dat
Supprime! - C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
Supprime! - C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
Supprime! - C:\Program Files\InternetProgram
Supprime! - C:\DOCUME~1\edwige\APPLIC~1\WhenU
Supprime! - C:\Program Files\Fichiers communs\WhenU

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.orange.fr/portail"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 06/01/2009| 0:11 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 06/01/2009| 9:33 - Option : [2]

-----------\\ Fin du rapport a 9:33:38,34

le logiciel javara bloque pour les mises a jour, il ne repond pas

ça ne marche pa et j'ai toujours des virus ds le fichiers dll

voici ce qui a été detecté par mon antivirus:
Dans le fichier 'C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP649\A0081409.dll'
un virus ou un programme indésirable 'TR/Trash.Gen' [trojan] a été détecté.

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 06 20:58:39 2009

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

------------------------------------

Finished reporting.



JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 06 20:59:44 2009

------------------------------------

Finished reporting.

rapport juste au dessus

Bah maintenant il y a les fichiers torrent que mon ordi ne reconnait plus mis a part ça ... tt fonctionne

avc bit torrent mais mon ordi consideren ce type de fichier comme non reconnu