Infection multiple virtumonde vundo msjuan...

uncleone Messages postés 19 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j'ai récupéré un ordi avec XP SP2 utilisé par des amis. Pas de pare feu activé et pas d'antivirus ni d'anti spyware.
en installant Spybot et antivir j'ai une collection de malware spywre et adwre dont je n'arrive pas à me défaire totalement.
il me reste virtumonde MywayMyWebsearch et d'autres qui reviennent malgré l'utilisation de MalwarebytesAntimalware, VundoFix,..
je ne suis pas assez calé pour interpréter les logsde HijackThis
pouvez vous m'aider merci d'avance
Configuration: Windows XP Internet Explorer 6.0

29 réponses

  • 1
  • 2
Résumé de la discussion

Un ordinateur sous Windows XP SP2, sans pare-feu ni antivirus, est infesté par des malwares comme Virtumonde, MyWebSearch et Vundo, malgré l’utilisation de Malwarebytes et d’outils de déminage. Selon la meilleure réponse, une procédure de nettoyage a été menée avec Malwarebytes puis ComboFix, et des suppressions ciblées de composants comme cqfwaftt.dll et des BHO, afin d’empêcher la régénération du malware. Des questions restaient sur l’incidence des entrées de registre Run et sur l’utilisation des déminages sans échec et la restauration, et sur l’interprétation des journaux HijackThis pour prévenir une nouvelle recontamination. En cas d’évolution, la discussion indique d’effectuer les réparations en mode sans échec, puis de désactiver la restauration et de vérifier les démarrages et services non essentiels.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt tu as le rapport malwarebyte antimalware svp

    et

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  2. uncleone Messages postés 19 Statut Membre
     
    merci de la rapidité
    j'ai relancer un scan de Malwarebytes ça a pris 2 heures
    j'applique les conseils donnés et je poste le tout dqp
    merci
    0
  3. uncleone Messages postés 19 Statut Membre
     
    je poste les rapports
    info.txt logfile of random's system information tool 1.05 2009-01-08 22:29:22

    ======Uninstall list======

    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 Plugin-->D:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->D:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    ASUS Enhanced Display Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
    ASUS nVIDIA Driver-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1036
    Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BJC-250-->D:\WINDOWS\System32\CNMCP14.EXE -@D:\WINDOWS\IsUn040c.exe -f"D:\BJPrinter\CNMWINDOWS\Canon BJC-250 Installer\Inst\DeIsL1.isu" -pCanon BJC-250-c"D:\BJPrinter\CNMWINDOWS\Canon BJC-250 Installer\Inst\bjinst.dll
    CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
    Correctif Windows XP - KB873339-->D:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835-->D:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836-->D:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302-->D:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859-->"D:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781-->D:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    DeepBurner v1.7.1.213-->"D:\DeepBurner\Uninstall.exe" "D:\DeepBurner\install.log"
    DVD Shrink 3.2-->"D:\DVD Shrink\unins000.exe"
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar2.dll"
    High Definition Audio Driver Package - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"D:\Documents and Settings\Mamet\Bureau\HijackThis.exe" /uninstall
    Intel Audio Studio 2.0-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
    Intel(R) Active Client Manager 2.0 HECI Driver-->D:\WINDOWS\System32\heciudlg.exe -uninstall
    Intel(R) PRO Network Connections-->MsiExec.exe /I{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}
    Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
    Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"D:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"D:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"D:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046)-->"D:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756)-->"D:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358)-->"D:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423)-->"D:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424)-->"D:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428)-->"D:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587)-->"D:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591)-->"D:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725)-->"D:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017)-->"D:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214)-->"D:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400)-->"D:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414)-->"D:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749)-->"D:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519)-->"D:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562)-->"D:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927)-->"D:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919)-->"D:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580)-->"D:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388)-->"D:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389)-->"D:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344)-->"D:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422)-->"D:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953)-->"D:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007)-->"D:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670)-->"D:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683)-->"D:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685)-->"D:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921398)-->"D:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921883)-->"D:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922616)-->"D:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819)-->"D:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191)-->"D:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414)-->"D:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191)-->"D:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496)-->"D:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531)-->"D:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437)-->"D:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280)-->"D:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    NVIDIA Drivers-->D:\WINDOWS\System32\nvudisp.exe UninstallGUI
    Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    Picasa 2-->"D:\Picasa2\Uninstall.exe"
    Programme de gestion Camera de Logitech®-->"D:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    SigmaTel Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x40c -remove -removeonly
    Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.1-->"D:\Program Files\SpywareBlaster\unins000.exe"
    Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 2-->D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic

    System event log

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Mamet at 2009-01-08 22:29:12
    Microsoft Windows XP Professionnel Service Pack 2
    System drive D: has 4 GB (7%) free of 56 GB
    Total RAM: 502 MB (38% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    D:\WINDOWS\tasks\bdlexcsv.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    Ask Search Assistant BHO - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-01-02 66912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62761C2C-8EA6-451B-A658-B49DB743189E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-18 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8177813A-E778-4D08-8EDA-2E59B28C9964}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55023C7-13C7-468C-B15A-5FDE29185907}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-24 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B73F3E9D-4864-44FC-A2A6-5B3993E427E2}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "SigmatelSysTrayApp"=sttray.exe []
    "IntelAudioStudio"=D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-06-07 9129984]
    "NvCplDaemon"=D:\WINDOWS\System32\NvCpl.dll [2007-06-29 8466432]
    "QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
    "Adobe Photo Downloader"=D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe [2008-04-01 61440]
    "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-18 136600]
    "avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "WUSB54GPv4"=D:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe []
    "UpdReg"=D:\WINDOWS\UpdReg.EXE []
    "RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
    "P17Helper"=Rundll32 P17.dll []
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=D:\WINDOWS\System32\NvMcTray.dll [2007-06-29 81920]
    "LogitechVideoTray"=D:\Program Files\Logitech\Video\LogiTray.exe [2004-02-12 77824]
    "LogitechVideoRepair"=D:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416]
    "LiveMonitor"=D:\Program Files\MSI\Live Update 3\LMonitor.exe []
    "KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
    "High Definition Audio Property Page Shortcut"=D:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "CTSysVol"=D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r []
    "ATIModeChange"=Ati2mdxx.exe []
    "ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []
    "382b1e54"=D:\WINDOWS\System32\cqfwaftt.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
    "msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
    "swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-18 68856]
    "SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2004-08-20 1667584]

    D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Wireless LAN Utility.lnk - D:\Program Files\WLAN\WLAN\wlanutil.exe
    PC Alert 4.lnk - D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    Microsoft Office.lnk - D:\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="mabajf.dll mkyscq.dll poioks.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRLeeBQ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======File associations======

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-01-08 22:29:13 ----D---- D:\Program Files\trend micro
    2009-01-08 22:29:12 ----D---- D:\rsit
    2009-01-08 19:45:28 ----A---- D:\WINDOWS\ntbtlog.txt
    2009-01-07 23:39:00 ----HD---- D:\WINDOWS\$NtUninstallKB911565$
    2009-01-07 23:34:14 ----SHD---- D:\Config.Msi
    2009-01-07 23:31:38 ----A---- D:\WINDOWS\OEWABLog.txt
    2009-01-07 23:30:39 ----D---- D:\WINDOWS\Prefetch
    2009-01-07 23:19:18 ----HD---- D:\WINDOWS\$NtUninstallKB899587$
    2009-01-07 23:18:23 ----HD---- D:\WINDOWS\$NtUninstallKB924191$
    2009-01-07 23:17:32 ----HD---- D:\WINDOWS\$NtUninstallKB922819$
    2009-01-07 23:16:45 ----HD---- D:\WINDOWS\$NtUninstallKB885835$
    2009-01-07 23:16:05 ----HD---- D:\WINDOWS\$NtUninstallKB921883$
    2009-01-07 23:15:28 ----HD---- D:\WINDOWS\$NtUninstallKB911927$
    2009-01-07 23:14:44 ----HD---- D:\WINDOWS\$NtUninstallKB922616$
    2009-01-07 23:14:06 ----HD---- D:\WINDOWS\$NtUninstallKB899591$
    2009-01-07 23:13:21 ----HD---- D:\WINDOWS\$NtUninstallKB893756$
    2009-01-07 23:12:36 ----HD---- D:\WINDOWS\$NtUninstallKB911280$
    2009-01-07 23:11:52 ----HD---- D:\WINDOWS\$NtUninstallKB911562$
    2009-01-07 23:11:04 ----HD---- D:\WINDOWS\$NtUninstallKB896423$
    2009-01-07 23:10:23 ----HD---- D:\WINDOWS\$NtUninstallKB873339$
    2009-01-07 23:09:38 ----HD---- D:\WINDOWS\$NtUninstallKB924496$
    2009-01-07 23:08:46 ----HD---- D:\WINDOWS\$NtUninstallKB921398$
    2009-01-07 23:07:58 ----HD---- D:\WINDOWS\$NtUninstallKB896358$
    2009-01-07 23:07:12 ----HD---- D:\WINDOWS\$NtUninstallKB910437$
    2009-01-07 23:06:34 ----HD---- D:\WINDOWS\$NtUninstallKB920670$
    2009-01-07 23:05:57 ----HD---- D:\WINDOWS\$NtUninstallKB891781$
    2009-01-07 23:05:15 ----HD---- D:\WINDOWS\$NtUninstallKB890046$
    2009-01-07 23:04:22 ----HD---- D:\WINDOWS\$NtUninstallKB919007$
    2009-01-07 23:03:28 ----HD---- D:\WINDOWS\$NtUninstallKB917344$
    2009-01-07 23:02:42 ----HD---- D:\WINDOWS\$NtUninstallKB905414$
    2009-01-07 23:01:54 ----HD---- D:\WINDOWS\$NtUninstallKB917953$
    2009-01-07 23:01:01 ----HD---- D:\WINDOWS\$NtUninstallKB901214$
    2009-01-07 23:00:08 ----HD---- D:\WINDOWS\$NtUninstallKB923191$
    2009-01-07 22:59:12 ----HD---- D:\WINDOWS\$NtUninstallKB888302$
    2009-01-07 22:58:16 ----HD---- D:\WINDOWS\$NtUninstallKB900725$
    2009-01-07 22:57:22 ----HD---- D:\WINDOWS\$NtUninstallKB912919$
    2009-01-07 22:56:25 ----HD---- D:\WINDOWS\$NtUninstallKB908531$
    2009-01-07 22:55:33 ----HD---- D:\WINDOWS\$NtUninstallKB905749$
    2009-01-07 22:54:38 ----HD---- D:\WINDOWS\$NtUninstallKB920683$
    2009-01-07 22:53:43 ----HD---- D:\WINDOWS\$NtUninstallKB885836$
    2009-01-07 22:53:06 ----HD---- D:\WINDOWS\$NtUninstallKB901017$
    2009-01-07 22:52:27 ----HD---- D:\WINDOWS\$NtUninstallKB920685$
    2009-01-07 22:51:46 ----HD---- D:\WINDOWS\$NtUninstallKB914388$
    2009-01-07 22:51:02 ----HD---- D:\WINDOWS\$NtUninstallKB917422$
    2009-01-07 22:50:16 ----HD---- D:\WINDOWS\$NtUninstallKB896428$
    2009-01-07 22:49:30 ----HD---- D:\WINDOWS\$NtUninstallKB908519$
    2009-01-07 22:48:47 ----HD---- D:\WINDOWS\$NtUninstallKB914389$
    2009-01-07 22:48:01 ----HD---- D:\WINDOWS\$NtUninstallKB890859$
    2009-01-07 22:47:17 ----HD---- D:\WINDOWS\$NtUninstallKB923414$
    2009-01-07 22:46:32 ----HD---- D:\WINDOWS\$NtUninstallKB896424$
    2009-01-07 22:45:33 ----HD---- D:\WINDOWS\$NtUninstallKB902400$
    2009-01-07 22:44:46 ----HD---- D:\WINDOWS\$NtUninstallKB913580$
    2009-01-07 22:42:06 ----A---- D:\WINDOWS\setuplog.txt
    2009-01-07 22:42:04 ----A---- D:\WINDOWS\system32\wmpns.dll
    2009-01-07 22:40:55 ----D---- D:\WINDOWS\peernet
    2009-01-07 22:40:54 ----D---- D:\WINDOWS\provisioning
    2009-01-07 22:38:49 ----D---- D:\WINDOWS\ServicePackFiles
    2009-01-07 22:31:49 ----HD---- D:\WINDOWS\$NtServicePackUninstall$
    2009-01-07 22:31:45 ----D---- D:\WINDOWS\EHome
    2009-01-07 21:05:19 ----N---- D:\WINDOWS\system32\spnpinst.exe
    2009-01-07 20:25:46 ----HD---- D:\WINDOWS\$NtUninstallKB899587_0$
    2009-01-07 20:25:23 ----HD---- D:\WINDOWS\$NtUninstallKB924191_0$
    2009-01-07 20:24:58 ----HD---- D:\WINDOWS\$NtUninstallKB922819_0$
    2009-01-07 20:24:35 ----HD---- D:\WINDOWS\$NtUninstallKB885835_0$
    2009-01-07 20:24:12 ----HD---- D:\WINDOWS\$NtUninstallKB885836_0$
    2009-01-07 20:23:52 ----HD---- D:\WINDOWS\$NtUninstallKB921883_0$
    2009-01-07 20:23:30 ----HD---- D:\WINDOWS\$NtUninstallKB911927_0$
    2009-01-07 20:23:08 ----HD---- D:\WINDOWS\$NtUninstallKB922616_0$
    2009-01-07 20:22:45 ----HD---- D:\WINDOWS\$NtUninstallKB901017_0$
    2009-01-07 20:22:24 ----HD---- D:\WINDOWS\$NtUninstallKB899591_0$
    2009-01-07 20:22:00 ----HD---- D:\WINDOWS\$NtUninstallKB920685_0$
    2009-01-07 20:21:39 ----HD---- D:\WINDOWS\$NtUninstallKB893756_0$
    2009-01-07 20:21:15 ----HD---- D:\WINDOWS\$NtUninstallKB911280_0$
    2009-01-07 20:20:54 ----HD---- D:\WINDOWS\$NtUninstallKB911562_0$
    2009-01-07 20:20:31 ----HD---- D:\WINDOWS\$NtUninstallKB896423_0$
    2009-01-07 20:19:21 ----A---- D:\WINDOWS\system32\MRT.exe
    2009-01-07 20:18:59 ----HD---- D:\WINDOWS\$NtUninstallKB873339_0$
    2009-01-07 20:18:20 ----HD---- D:\WINDOWS\$NtUninstallKB924496_0$
    2009-01-07 20:17:56 ----HD---- D:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
    2009-01-07 20:16:57 ----HD---- D:\WINDOWS\$NtUninstallKB921398_0$
    2009-01-07 20:16:36 ----HD---- D:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
    2009-01-07 20:16:13 ----HD---- D:\WINDOWS\$NtUninstallKB896358_0$
    2009-01-07 20:15:53 ----HD---- D:\WINDOWS\$NtUninstallKB910437_0$
    2009-01-07 20:15:34 ----HD---- D:\WINDOWS\$NtUninstallKB905495$
    2009-01-07 20:15:12 ----HD---- D:\WINDOWS\$NtUninstallKB911564$
    2009-01-07 20:14:34 ----HD---- D:\WINDOWS\$NtUninstallKB920670_0$
    2009-01-07 20:14:15 ----HD---- D:\WINDOWS\$NtUninstallKB891781_0$
    2009-01-07 20:14:08 ----A---- D:\WINDOWS\setdebug.exe
    2009-01-07 20:14:07 ----A---- D:\WINDOWS\system32\jit.dll
    2009-01-07 20:14:07 ----A---- D:\WINDOWS\system32\javaee.dll
    2009-01-07 20:14:06 ----A---- D:\WINDOWS\system32\dx3j.dll
    2009-01-07 20:14:00 ----A---- D:\WINDOWS\system32\wjview.exe
    2009-01-07 20:14:00 ----A---- D:\WINDOWS\system32\vmhelper.dll
    2009-01-07 20:13:59 ----A---- D:\WINDOWS\system32\msjdbc10.dll
    2009-01-07 20:13:59 ----A---- D:\WINDOWS\system32\msjava.dll
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\msawt.dll
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\jview.exe
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\jdbgmgr.exe
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javart.dll
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javaprxy.dll
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javacypt.dll
    2009-01-07 20:13:56 ----A---- D:\WINDOWS\system32\clspack.exe
    2009-01-07 20:13:37 ----HD---- D:\WINDOWS\$NtUninstallKB890046_0$
    2009-01-07 20:13:17 ----HD---- D:\WINDOWS\$NtUninstallKB919007_0$
    2009-01-07 20:12:52 ----HD---- D:\WINDOWS\$NtUninstallKB914388_0$
    2009-01-07 20:12:31 ----HD---- D:\WINDOWS\$NtUninstallKB917344_0$
    2009-01-07 20:12:10 ----HD---- D:\WINDOWS\$NtUninstallKB905414_0$
    2009-01-07 20:11:50 ----HD---- D:\WINDOWS\$NtUninstallKB917953_0$
    2009-01-07 20:11:30 ----HD---- D:\WINDOWS\$NtUninstallKB917734_WMP8$
    2009-01-07 20:10:47 ----HD---- D:\WINDOWS\$NtUninstallKB901214_0$
    2009-01-07 20:10:26 ----HD---- D:\WINDOWS\$NtUninstallKB923191_0$
    2009-01-07 20:10:06 ----HD---- D:\WINDOWS\$NtUninstallKB917422_0$
    2009-01-07 20:09:47 ----HD---- D:\WINDOWS\$NtUninstallKB888302_0$
    2009-01-07 20:09:24 ----HD---- D:\WINDOWS\$NtUninstallKB900725_0$
    2009-01-07 20:09:03 ----HD---- D:\WINDOWS\$NtUninstallKB912919_0$
    2009-01-07 20:08:34 ----HD---- D:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
    2009-01-07 20:08:14 ----HD---- D:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
    2009-01-07 20:07:53 ----HD---- D:\WINDOWS\$NtUninstallKB908531_0$
    2009-01-07 20:07:37 ----HD---- D:\WINDOWS\$NtUninstallKB905749_0$
    2009-01-07 20:07:20 ----HD---- D:\WINDOWS\$NtUninstallKB896428_0$
    2009-01-07 20:07:03 ----HD---- D:\WINDOWS\$NtUninstallKB835409$
    2009-01-07 20:06:47 ----HD---- D:\WINDOWS\$NtUninstallKB908519_0$
    2009-01-07 20:06:30 ----HD---- D:\WINDOWS\$NtUninstallKB920683_0$
    2009-01-07 20:06:11 ----HD---- D:\WINDOWS\$NtUninstallKB914389_0$
    2009-01-07 20:05:38 ----HD---- D:\WINDOWS\$NtUninstallKB890859_0$
    2009-01-07 16:03:17 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-01-07 15:55:34 ----A---- D:\WINDOWS\system32\shlwapi.dll
    2009-01-07 15:55:34 ----A---- D:\WINDOWS\system32\linkinfo.dll
    2009-01-07 15:51:55 ----A---- D:\WINDOWS\system32\shsvcs.dll
    2009-01-07 15:51:55 ----A---- D:\WINDOWS\system32\cscdll.dll
    2009-01-07 15:50:26 ----A---- D:\WINDOWS\system32\tapisrv.dll
    2009-01-07 15:47:41 ----A---- D:\WINDOWS\system32\hypertrm.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\sxs.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\shell32.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\fldrclnr.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\wship6.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ws2_32.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\netsh.exe
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ipv6mon.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ipv6.exe
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\iphlpapi.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\inetmib1.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\6to4svc.dll
    2009-01-07 15:40:38 ----A---- D:\WINDOWS\system32\esent.dll
    2009-01-07 15:26:04 ----A---- D:\WINDOWS\system32\verclsid.exe
    2009-01-07 15:24:42 ----A---- D:\WINDOWS\system32\netman.dll
    2009-01-07 15:24:09 ----A---- D:\WINDOWS\system32\msxml3.dll
    2009-01-07 15:23:47 ----A---- D:\WINDOWS\system32\netapi32.dll
    2009-01-07 15:23:33 ----A---- D:\WINDOWS\system32\shdocvw.dll
    2009-01-07 15:23:33 ----A---- D:\WINDOWS\system32\browseui.dll
    2009-01-07 15:22:58 ----A---- D:\WINDOWS\system32\jscript.dll
    2009-01-07 15:22:34 ----A---- D:\WINDOWS\system32\mscms.dll
    2009-01-07 15:21:53 ----A---- D:\WINDOWS\system32\umpnpmgr.dll
    2009-01-07 15:21:29 ----A---- D:\WINDOWS\system32\kerberos.dll
    2009-01-07 15:21:15 ----A---- D:\WINDOWS\system32\webclnt.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\winipsec.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\rasmans.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\polstore.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\oakley.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsmsnap.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsecsvc.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsecsnp.dll
    2009-01-07 15:13:33 ----HD---- D:\WINDOWS\$NtUninstallKB923414_0$
    2009-01-07 15:13:06 ----HD---- D:\WINDOWS\$NtUninstallKB896424_0$
    2009-01-07 15:12:48 ----D---- D:\WINDOWS\system32\bits
    2009-01-07 15:12:34 ----HD---- D:\WINDOWS\$NtUninstallKB842773$
    2009-01-07 15:12:00 ----HD---- D:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-01-07 15:11:42 ----A---- D:\WINDOWS\system32\rasadhlp.dll
    2009-01-07 15:11:42 ----A---- D:\WINDOWS\system32\dnsapi.dll
    2009-01-07 15:11:12 ----HD---- D:\WINDOWS\$NtUninstallKB902400_0$
    2009-01-07 15:10:31 ----HD---- D:\WINDOWS\$NtUninstallKB904706$
    2009-01-07 15:09:38 ----HD---- D:\WINDOWS\$NtUninstallKB892944$
    2009-01-07 15:09:24 ----A---- D:\WINDOWS\imsins.BAK
    2009-01-07 15:08:56 ----HD---- D:\WINDOWS\$NtUninstallKB913580_0$
    2009-01-07 15:07:29 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
    2009-01-07 15:07:28 ----D---- D:\WINDOWS\system32\SoftwareDistribution
    2009-01-07 14:22:27 ----D---- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22:12 ----D---- D:\Program Files\SUPERAntiSpyware
    2009-01-07 14:22:12 ----D---- D:\Documents and Settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:15:34 ----A---- D:\WINDOWS\system32\tmp.txt
    2009-01-07 01:15:22 ----A---- D:\rapport.txt
    2009-01-06 21:53:36 ----D---- D:\Documents and Settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53:24 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
    2009-01-06 19:05:37 ----A---- D:\WINDOWS\system32\3308da2a-.txt
    2008-12-30 18:21:46 ----D---- D:\VundoFix Backups
    2008-12-30 18:21:46 ----A---- D:\VundoFix.txt
    2008-12-30 18:03:37 ----A---- D:\WINDOWS\SchedLgU.Txt
    2008-12-30 16:02:26 ----A---- D:\WINDOWS\system32\poioks.dll
    2008-12-30 16:02:23 ----A---- D:\WINDOWS\system32\jjdktvhi.dll
    2008-12-30 15:42:57 ----D---- D:\Program Files\Avira
    2008-12-30 15:42:57 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
    2008-12-30 15:25:59 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-30 15:25:54 ----D---- D:\Program Files\SpywareBlaster
    2008-12-29 18:30:55 ----D---- D:\Program Files\Panda Security
    2008-12-29 17:34:56 ----SHD---- D:\FOUND.005
    2008-12-28 14:09:30 ----SHD---- D:\FOUND.004
    2008-12-27 17:10:00 ----SH---- D:\WINDOWS\system32\ttfawfqc.ini
    2008-12-27 17:08:03 ----A---- D:\WINDOWS\system32\mkyscq.dll
    2008-12-27 17:08:00 ----A---- D:\WINDOWS\system32\gpnkylva.dll
    2008-12-25 22:23:38 ----SHD---- D:\FOUND.003
    2008-12-25 20:11:10 ----SH---- D:\WINDOWS\system32\ynqernvd.ini
    2008-12-25 01:04:21 ----A---- D:\WINDOWS\system32\MFC71.dll
    2008-12-25 01:04:18 ----D---- D:\Program Files\Alwil Software
    2008-12-24 19:14:53 ----A---- D:\WINDOWS\system32\igdjxa.dll
    2008-12-24 19:14:52 ----SH---- D:\WINDOWS\system32\vtwniopc.ini
    2008-12-24 19:14:51 ----A---- D:\WINDOWS\system32\lvqevsoh.dll
    2008-12-23 21:08:08 ----A---- D:\WINDOWS\system32\mabajf.dll
    2008-12-23 21:08:05 ----A---- D:\WINDOWS\system32\axfulrdo.dll
    2008-12-23 19:12:45 ----SH---- D:\WINDOWS\system32\sqvvaomb.ini
    2008-12-23 19:10:31 ----ASH---- D:\WINDOWS\system32\deMooUtv.ini
    2008-12-18 18:19:42 ----D---- D:\Program Files\Spybot - Search & Destroy
    2008-12-18 18:19:42 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-18 17:44:43 ----A---- D:\WINDOWS\system32\deploytk.dll

    ======List of files/folders modified in the last 1 months======

    2009-01-08 19:51:10 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-08 17:15:06 ----A---- D:\WINDOWS\win.ini
    2009-01-08 17:15:06 ----A---- D:\WINDOWS\system.ini
    2008-12-23 21:37:08 ----A---- D:\WINDOWS\WININIT.INI
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\javaws.exe
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\javaw.exe
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\java.exe
    2008-12-15 14:40:08 ----A---- D:\WINDOWS\ODBC.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; D:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
    R1 avgntdd;avgntdd; D:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
    R1 avipbb;avipbb; D:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-12-30 75072]
    R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320]
    R1 ssmdrv;ssmdrv; D:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 EIO;EIO; \??\D:\WINDOWS\system32\drivers\EIO.sys []
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; D:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
    R2 NwlnkNb;NetBIOS NWLink; D:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-04 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; D:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-04 55936]
    R2 tmcomm;tmcomm; \??\D:\WINDOWS\System32\drivers\tmcomm.sys []
    R3 Arp1394;Protocole client ARP 1394; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; D:\WINDOWS\System32\DRIVERS\e1e5132.sys [2006-06-05 230400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HECI;Intel(R) Management Engine Interface; D:\WINDOWS\System32\DRIVERS\HECI.sys [2006-06-01 43264]
    R3 HidUsb;Pilote de classe HID Microsoft; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
    R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; D:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
    R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
    S3 FLASHSYS;FLASHSYS; \??\D:\WINDOWS\System32\DRIVERS\FLASHSYS.sys []
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
    S3 ossrv;Creative OS Services Driver; D:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
    S3 P17;Sound Blaster Audigy; D:\WINDOWS\system32\drivers\P17.sys []
    S3 pepifilter;Volume Adapter; D:\WINDOWS\System32\DRIVERS\lv302af.sys [2004-01-21 5915]
    S3 PID_08A0;Labtec WebCam Pro(PID_08A0); D:\WINDOWS\System32\DRIVERS\LV302AV.SYS [2004-01-21 271360]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); D:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;Pilote USB audio (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    S3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 WEBNTACCESS;WEBNTACCESS; \??\D:\WINDOWS\System32\NTACCESS.SYS []
    S3 WLAN_USB; Wireless LAN USB Driver; D:\WINDOWS\System32\DRIVERS\wlanUSB.sys [2002-01-17 50176]
    S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ATKKeyboardService;ATK Keyboard Service; D:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
    R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-18 152984]
    R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2007-06-29 155716]
    R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
    S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
    S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 138168]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; D:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 899
    Windows 5.1.2600 Service Pack 2

    22:14:59 08/01/2009
    mbam-log-1-8-2009 (22-14-51).txt

    Type de recherche: Examen complet (D:\|)
    Eléments examinés: 91568
    Temps écoulé: 2 hour(s), 26 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54 (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    merci de ta patience
    0
  4. uncleone Messages postés 19 Statut Membre
     
    je poste les rapports
    info.txt logfile of random's system information tool 1.05 2009-01-08 22:29:22

    ======Uninstall list======

    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 Plugin-->D:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->D:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    ASUS Enhanced Display Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
    ASUS nVIDIA Driver-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1036
    Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BJC-250-->D:\WINDOWS\System32\CNMCP14.EXE -@D:\WINDOWS\IsUn040c.exe -f"D:\BJPrinter\CNMWINDOWS\Canon BJC-250 Installer\Inst\DeIsL1.isu" -pCanon BJC-250-c"D:\BJPrinter\CNMWINDOWS\Canon BJC-250 Installer\Inst\bjinst.dll
    CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
    Correctif Windows XP - KB873339-->D:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835-->D:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836-->D:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302-->D:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859-->"D:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781-->D:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    DeepBurner v1.7.1.213-->"D:\DeepBurner\Uninstall.exe" "D:\DeepBurner\install.log"
    DVD Shrink 3.2-->"D:\DVD Shrink\unins000.exe"
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar2.dll"
    High Definition Audio Driver Package - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"D:\Documents and Settings\Mamet\Bureau\HijackThis.exe" /uninstall
    Intel Audio Studio 2.0-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
    Intel(R) Active Client Manager 2.0 HECI Driver-->D:\WINDOWS\System32\heciudlg.exe -uninstall
    Intel(R) PRO Network Connections-->MsiExec.exe /I{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}
    Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
    Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"D:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"D:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"D:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046)-->"D:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756)-->"D:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358)-->"D:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423)-->"D:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424)-->"D:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428)-->"D:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587)-->"D:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591)-->"D:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725)-->"D:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017)-->"D:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214)-->"D:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400)-->"D:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414)-->"D:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749)-->"D:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519)-->"D:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562)-->"D:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927)-->"D:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919)-->"D:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580)-->"D:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388)-->"D:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389)-->"D:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344)-->"D:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422)-->"D:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953)-->"D:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007)-->"D:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670)-->"D:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683)-->"D:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685)-->"D:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921398)-->"D:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921883)-->"D:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922616)-->"D:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819)-->"D:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191)-->"D:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414)-->"D:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191)-->"D:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496)-->"D:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531)-->"D:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437)-->"D:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280)-->"D:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    NVIDIA Drivers-->D:\WINDOWS\System32\nvudisp.exe UninstallGUI
    Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    Picasa 2-->"D:\Picasa2\Uninstall.exe"
    Programme de gestion Camera de Logitech®-->"D:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    SigmaTel Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x40c -remove -removeonly
    Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.1-->"D:\Program Files\SpywareBlaster\unins000.exe"
    Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 2-->D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic

    System event log

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Mamet at 2009-01-08 22:29:12
    Microsoft Windows XP Professionnel Service Pack 2
    System drive D: has 4 GB (7%) free of 56 GB
    Total RAM: 502 MB (38% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    D:\WINDOWS\tasks\bdlexcsv.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    Ask Search Assistant BHO - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-01-02 66912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62761C2C-8EA6-451B-A658-B49DB743189E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-18 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8177813A-E778-4D08-8EDA-2E59B28C9964}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55023C7-13C7-468C-B15A-5FDE29185907}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-24 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B73F3E9D-4864-44FC-A2A6-5B3993E427E2}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "SigmatelSysTrayApp"=sttray.exe []
    "IntelAudioStudio"=D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-06-07 9129984]
    "NvCplDaemon"=D:\WINDOWS\System32\NvCpl.dll [2007-06-29 8466432]
    "QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
    "Adobe Photo Downloader"=D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe [2008-04-01 61440]
    "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-18 136600]
    "avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "WUSB54GPv4"=D:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe []
    "UpdReg"=D:\WINDOWS\UpdReg.EXE []
    "RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
    "P17Helper"=Rundll32 P17.dll []
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=D:\WINDOWS\System32\NvMcTray.dll [2007-06-29 81920]
    "LogitechVideoTray"=D:\Program Files\Logitech\Video\LogiTray.exe [2004-02-12 77824]
    "LogitechVideoRepair"=D:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416]
    "LiveMonitor"=D:\Program Files\MSI\Live Update 3\LMonitor.exe []
    "KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
    "High Definition Audio Property Page Shortcut"=D:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "CTSysVol"=D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r []
    "ATIModeChange"=Ati2mdxx.exe []
    "ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []
    "382b1e54"=D:\WINDOWS\System32\cqfwaftt.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
    "msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
    "swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-18 68856]
    "SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2004-08-20 1667584]

    D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Wireless LAN Utility.lnk - D:\Program Files\WLAN\WLAN\wlanutil.exe
    PC Alert 4.lnk - D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    Microsoft Office.lnk - D:\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="mabajf.dll mkyscq.dll poioks.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRLeeBQ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======File associations======

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-01-08 22:29:13 ----D---- D:\Program Files\trend micro
    2009-01-08 22:29:12 ----D---- D:\rsit
    2009-01-08 19:45:28 ----A---- D:\WINDOWS\ntbtlog.txt
    2009-01-07 23:39:00 ----HD---- D:\WINDOWS\$NtUninstallKB911565$
    2009-01-07 23:34:14 ----SHD---- D:\Config.Msi
    2009-01-07 23:31:38 ----A---- D:\WINDOWS\OEWABLog.txt
    2009-01-07 23:30:39 ----D---- D:\WINDOWS\Prefetch
    2009-01-07 23:19:18 ----HD---- D:\WINDOWS\$NtUninstallKB899587$
    2009-01-07 23:18:23 ----HD---- D:\WINDOWS\$NtUninstallKB924191$
    2009-01-07 23:17:32 ----HD---- D:\WINDOWS\$NtUninstallKB922819$
    2009-01-07 23:16:45 ----HD---- D:\WINDOWS\$NtUninstallKB885835$
    2009-01-07 23:16:05 ----HD---- D:\WINDOWS\$NtUninstallKB921883$
    2009-01-07 23:15:28 ----HD---- D:\WINDOWS\$NtUninstallKB911927$
    2009-01-07 23:14:44 ----HD---- D:\WINDOWS\$NtUninstallKB922616$
    2009-01-07 23:14:06 ----HD---- D:\WINDOWS\$NtUninstallKB899591$
    2009-01-07 23:13:21 ----HD---- D:\WINDOWS\$NtUninstallKB893756$
    2009-01-07 23:12:36 ----HD---- D:\WINDOWS\$NtUninstallKB911280$
    2009-01-07 23:11:52 ----HD---- D:\WINDOWS\$NtUninstallKB911562$
    2009-01-07 23:11:04 ----HD---- D:\WINDOWS\$NtUninstallKB896423$
    2009-01-07 23:10:23 ----HD---- D:\WINDOWS\$NtUninstallKB873339$
    2009-01-07 23:09:38 ----HD---- D:\WINDOWS\$NtUninstallKB924496$
    2009-01-07 23:08:46 ----HD---- D:\WINDOWS\$NtUninstallKB921398$
    2009-01-07 23:07:58 ----HD---- D:\WINDOWS\$NtUninstallKB896358$
    2009-01-07 23:07:12 ----HD---- D:\WINDOWS\$NtUninstallKB910437$
    2009-01-07 23:06:34 ----HD---- D:\WINDOWS\$NtUninstallKB920670$
    2009-01-07 23:05:57 ----HD---- D:\WINDOWS\$NtUninstallKB891781$
    2009-01-07 23:05:15 ----HD---- D:\WINDOWS\$NtUninstallKB890046$
    2009-01-07 23:04:22 ----HD---- D:\WINDOWS\$NtUninstallKB919007$
    2009-01-07 23:03:28 ----HD---- D:\WINDOWS\$NtUninstallKB917344$
    2009-01-07 23:02:42 ----HD---- D:\WINDOWS\$NtUninstallKB905414$
    2009-01-07 23:01:54 ----HD---- D:\WINDOWS\$NtUninstallKB917953$
    2009-01-07 23:01:01 ----HD---- D:\WINDOWS\$NtUninstallKB901214$
    2009-01-07 23:00:08 ----HD---- D:\WINDOWS\$NtUninstallKB923191$
    2009-01-07 22:59:12 ----HD---- D:\WINDOWS\$NtUninstallKB888302$
    2009-01-07 22:58:16 ----HD---- D:\WINDOWS\$NtUninstallKB900725$
    2009-01-07 22:57:22 ----HD---- D:\WINDOWS\$NtUninstallKB912919$
    2009-01-07 22:56:25 ----HD---- D:\WINDOWS\$NtUninstallKB908531$
    2009-01-07 22:55:33 ----HD---- D:\WINDOWS\$NtUninstallKB905749$
    2009-01-07 22:54:38 ----HD---- D:\WINDOWS\$NtUninstallKB920683$
    2009-01-07 22:53:43 ----HD---- D:\WINDOWS\$NtUninstallKB885836$
    2009-01-07 22:53:06 ----HD---- D:\WINDOWS\$NtUninstallKB901017$
    2009-01-07 22:52:27 ----HD---- D:\WINDOWS\$NtUninstallKB920685$
    2009-01-07 22:51:46 ----HD---- D:\WINDOWS\$NtUninstallKB914388$
    2009-01-07 22:51:02 ----HD---- D:\WINDOWS\$NtUninstallKB917422$
    2009-01-07 22:50:16 ----HD---- D:\WINDOWS\$NtUninstallKB896428$
    2009-01-07 22:49:30 ----HD---- D:\WINDOWS\$NtUninstallKB908519$
    2009-01-07 22:48:47 ----HD---- D:\WINDOWS\$NtUninstallKB914389$
    2009-01-07 22:48:01 ----HD---- D:\WINDOWS\$NtUninstallKB890859$
    2009-01-07 22:47:17 ----HD---- D:\WINDOWS\$NtUninstallKB923414$
    2009-01-07 22:46:32 ----HD---- D:\WINDOWS\$NtUninstallKB896424$
    2009-01-07 22:45:33 ----HD---- D:\WINDOWS\$NtUninstallKB902400$
    2009-01-07 22:44:46 ----HD---- D:\WINDOWS\$NtUninstallKB913580$
    2009-01-07 22:42:06 ----A---- D:\WINDOWS\setuplog.txt
    2009-01-07 22:42:04 ----A---- D:\WINDOWS\system32\wmpns.dll
    2009-01-07 22:40:55 ----D---- D:\WINDOWS\peernet
    2009-01-07 22:40:54 ----D---- D:\WINDOWS\provisioning
    2009-01-07 22:38:49 ----D---- D:\WINDOWS\ServicePackFiles
    2009-01-07 22:31:49 ----HD---- D:\WINDOWS\$NtServicePackUninstall$
    2009-01-07 22:31:45 ----D---- D:\WINDOWS\EHome
    2009-01-07 21:05:19 ----N---- D:\WINDOWS\system32\spnpinst.exe
    2009-01-07 20:25:46 ----HD---- D:\WINDOWS\$NtUninstallKB899587_0$
    2009-01-07 20:25:23 ----HD---- D:\WINDOWS\$NtUninstallKB924191_0$
    2009-01-07 20:24:58 ----HD---- D:\WINDOWS\$NtUninstallKB922819_0$
    2009-01-07 20:24:35 ----HD---- D:\WINDOWS\$NtUninstallKB885835_0$
    2009-01-07 20:24:12 ----HD---- D:\WINDOWS\$NtUninstallKB885836_0$
    2009-01-07 20:23:52 ----HD---- D:\WINDOWS\$NtUninstallKB921883_0$
    2009-01-07 20:23:30 ----HD---- D:\WINDOWS\$NtUninstallKB911927_0$
    2009-01-07 20:23:08 ----HD---- D:\WINDOWS\$NtUninstallKB922616_0$
    2009-01-07 20:22:45 ----HD---- D:\WINDOWS\$NtUninstallKB901017_0$
    2009-01-07 20:22:24 ----HD---- D:\WINDOWS\$NtUninstallKB899591_0$
    2009-01-07 20:22:00 ----HD---- D:\WINDOWS\$NtUninstallKB920685_0$
    2009-01-07 20:21:39 ----HD---- D:\WINDOWS\$NtUninstallKB893756_0$
    2009-01-07 20:21:15 ----HD---- D:\WINDOWS\$NtUninstallKB911280_0$
    2009-01-07 20:20:54 ----HD---- D:\WINDOWS\$NtUninstallKB911562_0$
    2009-01-07 20:20:31 ----HD---- D:\WINDOWS\$NtUninstallKB896423_0$
    2009-01-07 20:19:21 ----A---- D:\WINDOWS\system32\MRT.exe
    2009-01-07 20:18:59 ----HD---- D:\WINDOWS\$NtUninstallKB873339_0$
    2009-01-07 20:18:20 ----HD---- D:\WINDOWS\$NtUninstallKB924496_0$
    2009-01-07 20:17:56 ----HD---- D:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
    2009-01-07 20:16:57 ----HD---- D:\WINDOWS\$NtUninstallKB921398_0$
    2009-01-07 20:16:36 ----HD---- D:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
    2009-01-07 20:16:13 ----HD---- D:\WINDOWS\$NtUninstallKB896358_0$
    2009-01-07 20:15:53 ----HD---- D:\WINDOWS\$NtUninstallKB910437_0$
    2009-01-07 20:15:34 ----HD---- D:\WINDOWS\$NtUninstallKB905495$
    2009-01-07 20:15:12 ----HD---- D:\WINDOWS\$NtUninstallKB911564$
    2009-01-07 20:14:34 ----HD---- D:\WINDOWS\$NtUninstallKB920670_0$
    2009-01-07 20:14:15 ----HD---- D:\WINDOWS\$NtUninstallKB891781_0$
    2009-01-07 20:14:08 ----A---- D:\WINDOWS\setdebug.exe
    2009-01-07 20:14:07 ----A---- D:\WINDOWS\system32\jit.dll
    2009-01-07 20:14:07 ----A---- D:\WINDOWS\system32\javaee.dll
    2009-01-07 20:14:06 ----A---- D:\WINDOWS\system32\dx3j.dll
    2009-01-07 20:14:00 ----A---- D:\WINDOWS\system32\wjview.exe
    2009-01-07 20:14:00 ----A---- D:\WINDOWS\system32\vmhelper.dll
    2009-01-07 20:13:59 ----A---- D:\WINDOWS\system32\msjdbc10.dll
    2009-01-07 20:13:59 ----A---- D:\WINDOWS\system32\msjava.dll
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\msawt.dll
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\jview.exe
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\jdbgmgr.exe
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javart.dll
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javaprxy.dll
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javacypt.dll
    2009-01-07 20:13:56 ----A---- D:\WINDOWS\system32\clspack.exe
    2009-01-07 20:13:37 ----HD---- D:\WINDOWS\$NtUninstallKB890046_0$
    2009-01-07 20:13:17 ----HD---- D:\WINDOWS\$NtUninstallKB919007_0$
    2009-01-07 20:12:52 ----HD---- D:\WINDOWS\$NtUninstallKB914388_0$
    2009-01-07 20:12:31 ----HD---- D:\WINDOWS\$NtUninstallKB917344_0$
    2009-01-07 20:12:10 ----HD---- D:\WINDOWS\$NtUninstallKB905414_0$
    2009-01-07 20:11:50 ----HD---- D:\WINDOWS\$NtUninstallKB917953_0$
    2009-01-07 20:11:30 ----HD---- D:\WINDOWS\$NtUninstallKB917734_WMP8$
    2009-01-07 20:10:47 ----HD---- D:\WINDOWS\$NtUninstallKB901214_0$
    2009-01-07 20:10:26 ----HD---- D:\WINDOWS\$NtUninstallKB923191_0$
    2009-01-07 20:10:06 ----HD---- D:\WINDOWS\$NtUninstallKB917422_0$
    2009-01-07 20:09:47 ----HD---- D:\WINDOWS\$NtUninstallKB888302_0$
    2009-01-07 20:09:24 ----HD---- D:\WINDOWS\$NtUninstallKB900725_0$
    2009-01-07 20:09:03 ----HD---- D:\WINDOWS\$NtUninstallKB912919_0$
    2009-01-07 20:08:34 ----HD---- D:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
    2009-01-07 20:08:14 ----HD---- D:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
    2009-01-07 20:07:53 ----HD---- D:\WINDOWS\$NtUninstallKB908531_0$
    2009-01-07 20:07:37 ----HD---- D:\WINDOWS\$NtUninstallKB905749_0$
    2009-01-07 20:07:20 ----HD---- D:\WINDOWS\$NtUninstallKB896428_0$
    2009-01-07 20:07:03 ----HD---- D:\WINDOWS\$NtUninstallKB835409$
    2009-01-07 20:06:47 ----HD---- D:\WINDOWS\$NtUninstallKB908519_0$
    2009-01-07 20:06:30 ----HD---- D:\WINDOWS\$NtUninstallKB920683_0$
    2009-01-07 20:06:11 ----HD---- D:\WINDOWS\$NtUninstallKB914389_0$
    2009-01-07 20:05:38 ----HD---- D:\WINDOWS\$NtUninstallKB890859_0$
    2009-01-07 16:03:17 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-01-07 15:55:34 ----A---- D:\WINDOWS\system32\shlwapi.dll
    2009-01-07 15:55:34 ----A---- D:\WINDOWS\system32\linkinfo.dll
    2009-01-07 15:51:55 ----A---- D:\WINDOWS\system32\shsvcs.dll
    2009-01-07 15:51:55 ----A---- D:\WINDOWS\system32\cscdll.dll
    2009-01-07 15:50:26 ----A---- D:\WINDOWS\system32\tapisrv.dll
    2009-01-07 15:47:41 ----A---- D:\WINDOWS\system32\hypertrm.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\sxs.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\shell32.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\fldrclnr.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\wship6.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ws2_32.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\netsh.exe
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ipv6mon.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ipv6.exe
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\iphlpapi.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\inetmib1.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\6to4svc.dll
    2009-01-07 15:40:38 ----A---- D:\WINDOWS\system32\esent.dll
    2009-01-07 15:26:04 ----A---- D:\WINDOWS\system32\verclsid.exe
    2009-01-07 15:24:42 ----A---- D:\WINDOWS\system32\netman.dll
    2009-01-07 15:24:09 ----A---- D:\WINDOWS\system32\msxml3.dll
    2009-01-07 15:23:47 ----A---- D:\WINDOWS\system32\netapi32.dll
    2009-01-07 15:23:33 ----A---- D:\WINDOWS\system32\shdocvw.dll
    2009-01-07 15:23:33 ----A---- D:\WINDOWS\system32\browseui.dll
    2009-01-07 15:22:58 ----A---- D:\WINDOWS\system32\jscript.dll
    2009-01-07 15:22:34 ----A---- D:\WINDOWS\system32\mscms.dll
    2009-01-07 15:21:53 ----A---- D:\WINDOWS\system32\umpnpmgr.dll
    2009-01-07 15:21:29 ----A---- D:\WINDOWS\system32\kerberos.dll
    2009-01-07 15:21:15 ----A---- D:\WINDOWS\system32\webclnt.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\winipsec.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\rasmans.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\polstore.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\oakley.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsmsnap.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsecsvc.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsecsnp.dll
    2009-01-07 15:13:33 ----HD---- D:\WINDOWS\$NtUninstallKB923414_0$
    2009-01-07 15:13:06 ----HD---- D:\WINDOWS\$NtUninstallKB896424_0$
    2009-01-07 15:12:48 ----D---- D:\WINDOWS\system32\bits
    2009-01-07 15:12:34 ----HD---- D:\WINDOWS\$NtUninstallKB842773$
    2009-01-07 15:12:00 ----HD---- D:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-01-07 15:11:42 ----A---- D:\WINDOWS\system32\rasadhlp.dll
    2009-01-07 15:11:42 ----A---- D:\WINDOWS\system32\dnsapi.dll
    2009-01-07 15:11:12 ----HD---- D:\WINDOWS\$NtUninstallKB902400_0$
    2009-01-07 15:10:31 ----HD---- D:\WINDOWS\$NtUninstallKB904706$
    2009-01-07 15:09:38 ----HD---- D:\WINDOWS\$NtUninstallKB892944$
    2009-01-07 15:09:24 ----A---- D:\WINDOWS\imsins.BAK
    2009-01-07 15:08:56 ----HD---- D:\WINDOWS\$NtUninstallKB913580_0$
    2009-01-07 15:07:29 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
    2009-01-07 15:07:28 ----D---- D:\WINDOWS\system32\SoftwareDistribution
    2009-01-07 14:22:27 ----D---- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22:12 ----D---- D:\Program Files\SUPERAntiSpyware
    2009-01-07 14:22:12 ----D---- D:\Documents and Settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:15:34 ----A---- D:\WINDOWS\system32\tmp.txt
    2009-01-07 01:15:22 ----A---- D:\rapport.txt
    2009-01-06 21:53:36 ----D---- D:\Documents and Settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53:24 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
    2009-01-06 19:05:37 ----A---- D:\WINDOWS\system32\3308da2a-.txt
    2008-12-30 18:21:46 ----D---- D:\VundoFix Backups
    2008-12-30 18:21:46 ----A---- D:\VundoFix.txt
    2008-12-30 18:03:37 ----A---- D:\WINDOWS\SchedLgU.Txt
    2008-12-30 16:02:26 ----A---- D:\WINDOWS\system32\poioks.dll
    2008-12-30 16:02:23 ----A---- D:\WINDOWS\system32\jjdktvhi.dll
    2008-12-30 15:42:57 ----D---- D:\Program Files\Avira
    2008-12-30 15:42:57 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
    2008-12-30 15:25:59 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-30 15:25:54 ----D---- D:\Program Files\SpywareBlaster
    2008-12-29 18:30:55 ----D---- D:\Program Files\Panda Security
    2008-12-29 17:34:56 ----SHD---- D:\FOUND.005
    2008-12-28 14:09:30 ----SHD---- D:\FOUND.004
    2008-12-27 17:10:00 ----SH---- D:\WINDOWS\system32\ttfawfqc.ini
    2008-12-27 17:08:03 ----A---- D:\WINDOWS\system32\mkyscq.dll
    2008-12-27 17:08:00 ----A---- D:\WINDOWS\system32\gpnkylva.dll
    2008-12-25 22:23:38 ----SHD---- D:\FOUND.003
    2008-12-25 20:11:10 ----SH---- D:\WINDOWS\system32\ynqernvd.ini
    2008-12-25 01:04:21 ----A---- D:\WINDOWS\system32\MFC71.dll
    2008-12-25 01:04:18 ----D---- D:\Program Files\Alwil Software
    2008-12-24 19:14:53 ----A---- D:\WINDOWS\system32\igdjxa.dll
    2008-12-24 19:14:52 ----SH---- D:\WINDOWS\system32\vtwniopc.ini
    2008-12-24 19:14:51 ----A---- D:\WINDOWS\system32\lvqevsoh.dll
    2008-12-23 21:08:08 ----A---- D:\WINDOWS\system32\mabajf.dll
    2008-12-23 21:08:05 ----A---- D:\WINDOWS\system32\axfulrdo.dll
    2008-12-23 19:12:45 ----SH---- D:\WINDOWS\system32\sqvvaomb.ini
    2008-12-23 19:10:31 ----ASH---- D:\WINDOWS\system32\deMooUtv.ini
    2008-12-18 18:19:42 ----D---- D:\Program Files\Spybot - Search & Destroy
    2008-12-18 18:19:42 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-18 17:44:43 ----A---- D:\WINDOWS\system32\deploytk.dll

    ======List of files/folders modified in the last 1 months======

    2009-01-08 19:51:10 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-08 17:15:06 ----A---- D:\WINDOWS\win.ini
    2009-01-08 17:15:06 ----A---- D:\WINDOWS\system.ini
    2008-12-23 21:37:08 ----A---- D:\WINDOWS\WININIT.INI
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\javaws.exe
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\javaw.exe
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\java.exe
    2008-12-15 14:40:08 ----A---- D:\WINDOWS\ODBC.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; D:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
    R1 avgntdd;avgntdd; D:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
    R1 avipbb;avipbb; D:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-12-30 75072]
    R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320]
    R1 ssmdrv;ssmdrv; D:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 EIO;EIO; \??\D:\WINDOWS\system32\drivers\EIO.sys []
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; D:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
    R2 NwlnkNb;NetBIOS NWLink; D:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-04 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; D:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-04 55936]
    R2 tmcomm;tmcomm; \??\D:\WINDOWS\System32\drivers\tmcomm.sys []
    R3 Arp1394;Protocole client ARP 1394; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; D:\WINDOWS\System32\DRIVERS\e1e5132.sys [2006-06-05 230400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HECI;Intel(R) Management Engine Interface; D:\WINDOWS\System32\DRIVERS\HECI.sys [2006-06-01 43264]
    R3 HidUsb;Pilote de classe HID Microsoft; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
    R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; D:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
    R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
    S3 FLASHSYS;FLASHSYS; \??\D:\WINDOWS\System32\DRIVERS\FLASHSYS.sys []
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
    S3 ossrv;Creative OS Services Driver; D:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
    S3 P17;Sound Blaster Audigy; D:\WINDOWS\system32\drivers\P17.sys []
    S3 pepifilter;Volume Adapter; D:\WINDOWS\System32\DRIVERS\lv302af.sys [2004-01-21 5915]
    S3 PID_08A0;Labtec WebCam Pro(PID_08A0); D:\WINDOWS\System32\DRIVERS\LV302AV.SYS [2004-01-21 271360]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); D:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;Pilote USB audio (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    S3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 WEBNTACCESS;WEBNTACCESS; \??\D:\WINDOWS\System32\NTACCESS.SYS []
    S3 WLAN_USB; Wireless LAN USB Driver; D:\WINDOWS\System32\DRIVERS\wlanUSB.sys [2002-01-17 50176]
    S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ATKKeyboardService;ATK Keyboard Service; D:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
    R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-18 152984]
    R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2007-06-29 155716]
    R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
    S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
    S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 138168]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; D:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 899
    Windows 5.1.2600 Service Pack 2

    22:14:59 08/01/2009
    mbam-log-1-8-2009 (22-14-51).txt

    Type de recherche: Examen complet (D:\|)
    Eléments examinés: 91568
    Temps écoulé: 2 hour(s), 26 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54 (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    merci de ta patience
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. uncleone Messages postés 19 Statut Membre
     
    je poste les rapports
    info.txt logfile of random's system information tool 1.05 2009-01-08 22:29:22

    ======Uninstall list======

    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 Plugin-->D:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->D:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    ASUS Enhanced Display Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
    ASUS nVIDIA Driver-->D:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1036
    Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BJC-250-->D:\WINDOWS\System32\CNMCP14.EXE -@D:\WINDOWS\IsUn040c.exe -f"D:\BJPrinter\CNMWINDOWS\Canon BJC-250 Installer\Inst\DeIsL1.isu" -pCanon BJC-250-c"D:\BJPrinter\CNMWINDOWS\Canon BJC-250 Installer\Inst\bjinst.dll
    CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
    Correctif Windows XP - KB873339-->D:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835-->D:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836-->D:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302-->D:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859-->"D:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781-->D:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    DeepBurner v1.7.1.213-->"D:\DeepBurner\Uninstall.exe" "D:\DeepBurner\install.log"
    DVD Shrink 3.2-->"D:\DVD Shrink\unins000.exe"
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar2.dll"
    High Definition Audio Driver Package - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"D:\Documents and Settings\Mamet\Bureau\HijackThis.exe" /uninstall
    Intel Audio Studio 2.0-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
    Intel(R) Active Client Manager 2.0 HECI Driver-->D:\WINDOWS\System32\heciudlg.exe -uninstall
    Intel(R) PRO Network Connections-->MsiExec.exe /I{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}
    Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
    Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"D:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"D:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"D:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046)-->"D:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756)-->"D:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358)-->"D:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423)-->"D:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424)-->"D:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428)-->"D:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587)-->"D:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591)-->"D:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725)-->"D:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017)-->"D:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214)-->"D:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400)-->"D:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414)-->"D:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749)-->"D:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519)-->"D:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562)-->"D:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927)-->"D:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919)-->"D:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580)-->"D:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388)-->"D:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389)-->"D:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344)-->"D:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422)-->"D:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953)-->"D:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007)-->"D:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670)-->"D:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683)-->"D:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685)-->"D:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921398)-->"D:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921883)-->"D:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922616)-->"D:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819)-->"D:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191)-->"D:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414)-->"D:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191)-->"D:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496)-->"D:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531)-->"D:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437)-->"D:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280)-->"D:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    NVIDIA Drivers-->D:\WINDOWS\System32\nvudisp.exe UninstallGUI
    Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    Picasa 2-->"D:\Picasa2\Uninstall.exe"
    Programme de gestion Camera de Logitech®-->"D:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek AC'97 Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    SigmaTel Audio-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x40c -remove -removeonly
    Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.1-->"D:\Program Files\SpywareBlaster\unins000.exe"
    Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 2-->D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic

    System event log

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Mamet at 2009-01-08 22:29:12
    Microsoft Windows XP Professionnel Service Pack 2
    System drive D: has 4 GB (7%) free of 56 GB
    Total RAM: 502 MB (38% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    D:\WINDOWS\tasks\bdlexcsv.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    Ask Search Assistant BHO - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-01-02 66912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62761C2C-8EA6-451B-A658-B49DB743189E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-18 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8177813A-E778-4D08-8EDA-2E59B28C9964}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55023C7-13C7-468C-B15A-5FDE29185907}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-24 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B73F3E9D-4864-44FC-A2A6-5B3993E427E2}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "SigmatelSysTrayApp"=sttray.exe []
    "IntelAudioStudio"=D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-06-07 9129984]
    "NvCplDaemon"=D:\WINDOWS\System32\NvCpl.dll [2007-06-29 8466432]
    "QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
    "Adobe Photo Downloader"=D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe [2008-04-01 61440]
    "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-18 136600]
    "avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "WUSB54GPv4"=D:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe []
    "UpdReg"=D:\WINDOWS\UpdReg.EXE []
    "RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
    "P17Helper"=Rundll32 P17.dll []
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=D:\WINDOWS\System32\NvMcTray.dll [2007-06-29 81920]
    "LogitechVideoTray"=D:\Program Files\Logitech\Video\LogiTray.exe [2004-02-12 77824]
    "LogitechVideoRepair"=D:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416]
    "LiveMonitor"=D:\Program Files\MSI\Live Update 3\LMonitor.exe []
    "KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
    "High Definition Audio Property Page Shortcut"=D:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "CTSysVol"=D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r []
    "ATIModeChange"=Ati2mdxx.exe []
    "ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []
    "382b1e54"=D:\WINDOWS\System32\cqfwaftt.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
    "msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
    "swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-18 68856]
    "SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2004-08-20 1667584]

    D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Wireless LAN Utility.lnk - D:\Program Files\WLAN\WLAN\wlanutil.exe
    PC Alert 4.lnk - D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    Microsoft Office.lnk - D:\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="mabajf.dll mkyscq.dll poioks.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRLeeBQ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======File associations======

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-01-08 22:29:13 ----D---- D:\Program Files\trend micro
    2009-01-08 22:29:12 ----D---- D:\rsit
    2009-01-08 19:45:28 ----A---- D:\WINDOWS\ntbtlog.txt
    2009-01-07 23:39:00 ----HD---- D:\WINDOWS\$NtUninstallKB911565$
    2009-01-07 23:34:14 ----SHD---- D:\Config.Msi
    2009-01-07 23:31:38 ----A---- D:\WINDOWS\OEWABLog.txt
    2009-01-07 23:30:39 ----D---- D:\WINDOWS\Prefetch
    2009-01-07 23:19:18 ----HD---- D:\WINDOWS\$NtUninstallKB899587$
    2009-01-07 23:18:23 ----HD---- D:\WINDOWS\$NtUninstallKB924191$
    2009-01-07 23:17:32 ----HD---- D:\WINDOWS\$NtUninstallKB922819$
    2009-01-07 23:16:45 ----HD---- D:\WINDOWS\$NtUninstallKB885835$
    2009-01-07 23:16:05 ----HD---- D:\WINDOWS\$NtUninstallKB921883$
    2009-01-07 23:15:28 ----HD---- D:\WINDOWS\$NtUninstallKB911927$
    2009-01-07 23:14:44 ----HD---- D:\WINDOWS\$NtUninstallKB922616$
    2009-01-07 23:14:06 ----HD---- D:\WINDOWS\$NtUninstallKB899591$
    2009-01-07 23:13:21 ----HD---- D:\WINDOWS\$NtUninstallKB893756$
    2009-01-07 23:12:36 ----HD---- D:\WINDOWS\$NtUninstallKB911280$
    2009-01-07 23:11:52 ----HD---- D:\WINDOWS\$NtUninstallKB911562$
    2009-01-07 23:11:04 ----HD---- D:\WINDOWS\$NtUninstallKB896423$
    2009-01-07 23:10:23 ----HD---- D:\WINDOWS\$NtUninstallKB873339$
    2009-01-07 23:09:38 ----HD---- D:\WINDOWS\$NtUninstallKB924496$
    2009-01-07 23:08:46 ----HD---- D:\WINDOWS\$NtUninstallKB921398$
    2009-01-07 23:07:58 ----HD---- D:\WINDOWS\$NtUninstallKB896358$
    2009-01-07 23:07:12 ----HD---- D:\WINDOWS\$NtUninstallKB910437$
    2009-01-07 23:06:34 ----HD---- D:\WINDOWS\$NtUninstallKB920670$
    2009-01-07 23:05:57 ----HD---- D:\WINDOWS\$NtUninstallKB891781$
    2009-01-07 23:05:15 ----HD---- D:\WINDOWS\$NtUninstallKB890046$
    2009-01-07 23:04:22 ----HD---- D:\WINDOWS\$NtUninstallKB919007$
    2009-01-07 23:03:28 ----HD---- D:\WINDOWS\$NtUninstallKB917344$
    2009-01-07 23:02:42 ----HD---- D:\WINDOWS\$NtUninstallKB905414$
    2009-01-07 23:01:54 ----HD---- D:\WINDOWS\$NtUninstallKB917953$
    2009-01-07 23:01:01 ----HD---- D:\WINDOWS\$NtUninstallKB901214$
    2009-01-07 23:00:08 ----HD---- D:\WINDOWS\$NtUninstallKB923191$
    2009-01-07 22:59:12 ----HD---- D:\WINDOWS\$NtUninstallKB888302$
    2009-01-07 22:58:16 ----HD---- D:\WINDOWS\$NtUninstallKB900725$
    2009-01-07 22:57:22 ----HD---- D:\WINDOWS\$NtUninstallKB912919$
    2009-01-07 22:56:25 ----HD---- D:\WINDOWS\$NtUninstallKB908531$
    2009-01-07 22:55:33 ----HD---- D:\WINDOWS\$NtUninstallKB905749$
    2009-01-07 22:54:38 ----HD---- D:\WINDOWS\$NtUninstallKB920683$
    2009-01-07 22:53:43 ----HD---- D:\WINDOWS\$NtUninstallKB885836$
    2009-01-07 22:53:06 ----HD---- D:\WINDOWS\$NtUninstallKB901017$
    2009-01-07 22:52:27 ----HD---- D:\WINDOWS\$NtUninstallKB920685$
    2009-01-07 22:51:46 ----HD---- D:\WINDOWS\$NtUninstallKB914388$
    2009-01-07 22:51:02 ----HD---- D:\WINDOWS\$NtUninstallKB917422$
    2009-01-07 22:50:16 ----HD---- D:\WINDOWS\$NtUninstallKB896428$
    2009-01-07 22:49:30 ----HD---- D:\WINDOWS\$NtUninstallKB908519$
    2009-01-07 22:48:47 ----HD---- D:\WINDOWS\$NtUninstallKB914389$
    2009-01-07 22:48:01 ----HD---- D:\WINDOWS\$NtUninstallKB890859$
    2009-01-07 22:47:17 ----HD---- D:\WINDOWS\$NtUninstallKB923414$
    2009-01-07 22:46:32 ----HD---- D:\WINDOWS\$NtUninstallKB896424$
    2009-01-07 22:45:33 ----HD---- D:\WINDOWS\$NtUninstallKB902400$
    2009-01-07 22:44:46 ----HD---- D:\WINDOWS\$NtUninstallKB913580$
    2009-01-07 22:42:06 ----A---- D:\WINDOWS\setuplog.txt
    2009-01-07 22:42:04 ----A---- D:\WINDOWS\system32\wmpns.dll
    2009-01-07 22:40:55 ----D---- D:\WINDOWS\peernet
    2009-01-07 22:40:54 ----D---- D:\WINDOWS\provisioning
    2009-01-07 22:38:49 ----D---- D:\WINDOWS\ServicePackFiles
    2009-01-07 22:31:49 ----HD---- D:\WINDOWS\$NtServicePackUninstall$
    2009-01-07 22:31:45 ----D---- D:\WINDOWS\EHome
    2009-01-07 21:05:19 ----N---- D:\WINDOWS\system32\spnpinst.exe
    2009-01-07 20:25:46 ----HD---- D:\WINDOWS\$NtUninstallKB899587_0$
    2009-01-07 20:25:23 ----HD---- D:\WINDOWS\$NtUninstallKB924191_0$
    2009-01-07 20:24:58 ----HD---- D:\WINDOWS\$NtUninstallKB922819_0$
    2009-01-07 20:24:35 ----HD---- D:\WINDOWS\$NtUninstallKB885835_0$
    2009-01-07 20:24:12 ----HD---- D:\WINDOWS\$NtUninstallKB885836_0$
    2009-01-07 20:23:52 ----HD---- D:\WINDOWS\$NtUninstallKB921883_0$
    2009-01-07 20:23:30 ----HD---- D:\WINDOWS\$NtUninstallKB911927_0$
    2009-01-07 20:23:08 ----HD---- D:\WINDOWS\$NtUninstallKB922616_0$
    2009-01-07 20:22:45 ----HD---- D:\WINDOWS\$NtUninstallKB901017_0$
    2009-01-07 20:22:24 ----HD---- D:\WINDOWS\$NtUninstallKB899591_0$
    2009-01-07 20:22:00 ----HD---- D:\WINDOWS\$NtUninstallKB920685_0$
    2009-01-07 20:21:39 ----HD---- D:\WINDOWS\$NtUninstallKB893756_0$
    2009-01-07 20:21:15 ----HD---- D:\WINDOWS\$NtUninstallKB911280_0$
    2009-01-07 20:20:54 ----HD---- D:\WINDOWS\$NtUninstallKB911562_0$
    2009-01-07 20:20:31 ----HD---- D:\WINDOWS\$NtUninstallKB896423_0$
    2009-01-07 20:19:21 ----A---- D:\WINDOWS\system32\MRT.exe
    2009-01-07 20:18:59 ----HD---- D:\WINDOWS\$NtUninstallKB873339_0$
    2009-01-07 20:18:20 ----HD---- D:\WINDOWS\$NtUninstallKB924496_0$
    2009-01-07 20:17:56 ----HD---- D:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
    2009-01-07 20:16:57 ----HD---- D:\WINDOWS\$NtUninstallKB921398_0$
    2009-01-07 20:16:36 ----HD---- D:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
    2009-01-07 20:16:13 ----HD---- D:\WINDOWS\$NtUninstallKB896358_0$
    2009-01-07 20:15:53 ----HD---- D:\WINDOWS\$NtUninstallKB910437_0$
    2009-01-07 20:15:34 ----HD---- D:\WINDOWS\$NtUninstallKB905495$
    2009-01-07 20:15:12 ----HD---- D:\WINDOWS\$NtUninstallKB911564$
    2009-01-07 20:14:34 ----HD---- D:\WINDOWS\$NtUninstallKB920670_0$
    2009-01-07 20:14:15 ----HD---- D:\WINDOWS\$NtUninstallKB891781_0$
    2009-01-07 20:14:08 ----A---- D:\WINDOWS\setdebug.exe
    2009-01-07 20:14:07 ----A---- D:\WINDOWS\system32\jit.dll
    2009-01-07 20:14:07 ----A---- D:\WINDOWS\system32\javaee.dll
    2009-01-07 20:14:06 ----A---- D:\WINDOWS\system32\dx3j.dll
    2009-01-07 20:14:00 ----A---- D:\WINDOWS\system32\wjview.exe
    2009-01-07 20:14:00 ----A---- D:\WINDOWS\system32\vmhelper.dll
    2009-01-07 20:13:59 ----A---- D:\WINDOWS\system32\msjdbc10.dll
    2009-01-07 20:13:59 ----A---- D:\WINDOWS\system32\msjava.dll
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\msawt.dll
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\jview.exe
    2009-01-07 20:13:58 ----A---- D:\WINDOWS\system32\jdbgmgr.exe
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javart.dll
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javaprxy.dll
    2009-01-07 20:13:57 ----A---- D:\WINDOWS\system32\javacypt.dll
    2009-01-07 20:13:56 ----A---- D:\WINDOWS\system32\clspack.exe
    2009-01-07 20:13:37 ----HD---- D:\WINDOWS\$NtUninstallKB890046_0$
    2009-01-07 20:13:17 ----HD---- D:\WINDOWS\$NtUninstallKB919007_0$
    2009-01-07 20:12:52 ----HD---- D:\WINDOWS\$NtUninstallKB914388_0$
    2009-01-07 20:12:31 ----HD---- D:\WINDOWS\$NtUninstallKB917344_0$
    2009-01-07 20:12:10 ----HD---- D:\WINDOWS\$NtUninstallKB905414_0$
    2009-01-07 20:11:50 ----HD---- D:\WINDOWS\$NtUninstallKB917953_0$
    2009-01-07 20:11:30 ----HD---- D:\WINDOWS\$NtUninstallKB917734_WMP8$
    2009-01-07 20:10:47 ----HD---- D:\WINDOWS\$NtUninstallKB901214_0$
    2009-01-07 20:10:26 ----HD---- D:\WINDOWS\$NtUninstallKB923191_0$
    2009-01-07 20:10:06 ----HD---- D:\WINDOWS\$NtUninstallKB917422_0$
    2009-01-07 20:09:47 ----HD---- D:\WINDOWS\$NtUninstallKB888302_0$
    2009-01-07 20:09:24 ----HD---- D:\WINDOWS\$NtUninstallKB900725_0$
    2009-01-07 20:09:03 ----HD---- D:\WINDOWS\$NtUninstallKB912919_0$
    2009-01-07 20:08:34 ----HD---- D:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
    2009-01-07 20:08:14 ----HD---- D:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
    2009-01-07 20:07:53 ----HD---- D:\WINDOWS\$NtUninstallKB908531_0$
    2009-01-07 20:07:37 ----HD---- D:\WINDOWS\$NtUninstallKB905749_0$
    2009-01-07 20:07:20 ----HD---- D:\WINDOWS\$NtUninstallKB896428_0$
    2009-01-07 20:07:03 ----HD---- D:\WINDOWS\$NtUninstallKB835409$
    2009-01-07 20:06:47 ----HD---- D:\WINDOWS\$NtUninstallKB908519_0$
    2009-01-07 20:06:30 ----HD---- D:\WINDOWS\$NtUninstallKB920683_0$
    2009-01-07 20:06:11 ----HD---- D:\WINDOWS\$NtUninstallKB914389_0$
    2009-01-07 20:05:38 ----HD---- D:\WINDOWS\$NtUninstallKB890859_0$
    2009-01-07 16:03:17 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-01-07 15:55:34 ----A---- D:\WINDOWS\system32\shlwapi.dll
    2009-01-07 15:55:34 ----A---- D:\WINDOWS\system32\linkinfo.dll
    2009-01-07 15:51:55 ----A---- D:\WINDOWS\system32\shsvcs.dll
    2009-01-07 15:51:55 ----A---- D:\WINDOWS\system32\cscdll.dll
    2009-01-07 15:50:26 ----A---- D:\WINDOWS\system32\tapisrv.dll
    2009-01-07 15:47:41 ----A---- D:\WINDOWS\system32\hypertrm.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\sxs.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\shell32.dll
    2009-01-07 15:47:28 ----A---- D:\WINDOWS\system32\fldrclnr.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\wship6.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ws2_32.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\netsh.exe
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ipv6mon.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\ipv6.exe
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\iphlpapi.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\inetmib1.dll
    2009-01-07 15:41:46 ----A---- D:\WINDOWS\system32\6to4svc.dll
    2009-01-07 15:40:38 ----A---- D:\WINDOWS\system32\esent.dll
    2009-01-07 15:26:04 ----A---- D:\WINDOWS\system32\verclsid.exe
    2009-01-07 15:24:42 ----A---- D:\WINDOWS\system32\netman.dll
    2009-01-07 15:24:09 ----A---- D:\WINDOWS\system32\msxml3.dll
    2009-01-07 15:23:47 ----A---- D:\WINDOWS\system32\netapi32.dll
    2009-01-07 15:23:33 ----A---- D:\WINDOWS\system32\shdocvw.dll
    2009-01-07 15:23:33 ----A---- D:\WINDOWS\system32\browseui.dll
    2009-01-07 15:22:58 ----A---- D:\WINDOWS\system32\jscript.dll
    2009-01-07 15:22:34 ----A---- D:\WINDOWS\system32\mscms.dll
    2009-01-07 15:21:53 ----A---- D:\WINDOWS\system32\umpnpmgr.dll
    2009-01-07 15:21:29 ----A---- D:\WINDOWS\system32\kerberos.dll
    2009-01-07 15:21:15 ----A---- D:\WINDOWS\system32\webclnt.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\winipsec.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\rasmans.dll
    2009-01-07 15:20:59 ----A---- D:\WINDOWS\system32\polstore.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\oakley.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsmsnap.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsecsvc.dll
    2009-01-07 15:20:58 ----A---- D:\WINDOWS\system32\ipsecsnp.dll
    2009-01-07 15:13:33 ----HD---- D:\WINDOWS\$NtUninstallKB923414_0$
    2009-01-07 15:13:06 ----HD---- D:\WINDOWS\$NtUninstallKB896424_0$
    2009-01-07 15:12:48 ----D---- D:\WINDOWS\system32\bits
    2009-01-07 15:12:34 ----HD---- D:\WINDOWS\$NtUninstallKB842773$
    2009-01-07 15:12:00 ----HD---- D:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-01-07 15:11:42 ----A---- D:\WINDOWS\system32\rasadhlp.dll
    2009-01-07 15:11:42 ----A---- D:\WINDOWS\system32\dnsapi.dll
    2009-01-07 15:11:12 ----HD---- D:\WINDOWS\$NtUninstallKB902400_0$
    2009-01-07 15:10:31 ----HD---- D:\WINDOWS\$NtUninstallKB904706$
    2009-01-07 15:09:38 ----HD---- D:\WINDOWS\$NtUninstallKB892944$
    2009-01-07 15:09:24 ----A---- D:\WINDOWS\imsins.BAK
    2009-01-07 15:08:56 ----HD---- D:\WINDOWS\$NtUninstallKB913580_0$
    2009-01-07 15:07:29 ----A---- D:\WINDOWS\system32\wuapi.dll.mui
    2009-01-07 15:07:28 ----D---- D:\WINDOWS\system32\SoftwareDistribution
    2009-01-07 14:22:27 ----D---- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22:12 ----D---- D:\Program Files\SUPERAntiSpyware
    2009-01-07 14:22:12 ----D---- D:\Documents and Settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:15:34 ----A---- D:\WINDOWS\system32\tmp.txt
    2009-01-07 01:15:22 ----A---- D:\rapport.txt
    2009-01-06 21:53:36 ----D---- D:\Documents and Settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53:25 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53:24 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
    2009-01-06 19:05:37 ----A---- D:\WINDOWS\system32\3308da2a-.txt
    2008-12-30 18:21:46 ----D---- D:\VundoFix Backups
    2008-12-30 18:21:46 ----A---- D:\VundoFix.txt
    2008-12-30 18:03:37 ----A---- D:\WINDOWS\SchedLgU.Txt
    2008-12-30 16:02:26 ----A---- D:\WINDOWS\system32\poioks.dll
    2008-12-30 16:02:23 ----A---- D:\WINDOWS\system32\jjdktvhi.dll
    2008-12-30 15:42:57 ----D---- D:\Program Files\Avira
    2008-12-30 15:42:57 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
    2008-12-30 15:25:59 ----D---- D:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-30 15:25:54 ----D---- D:\Program Files\SpywareBlaster
    2008-12-29 18:30:55 ----D---- D:\Program Files\Panda Security
    2008-12-29 17:34:56 ----SHD---- D:\FOUND.005
    2008-12-28 14:09:30 ----SHD---- D:\FOUND.004
    2008-12-27 17:10:00 ----SH---- D:\WINDOWS\system32\ttfawfqc.ini
    2008-12-27 17:08:03 ----A---- D:\WINDOWS\system32\mkyscq.dll
    2008-12-27 17:08:00 ----A---- D:\WINDOWS\system32\gpnkylva.dll
    2008-12-25 22:23:38 ----SHD---- D:\FOUND.003
    2008-12-25 20:11:10 ----SH---- D:\WINDOWS\system32\ynqernvd.ini
    2008-12-25 01:04:21 ----A---- D:\WINDOWS\system32\MFC71.dll
    2008-12-25 01:04:18 ----D---- D:\Program Files\Alwil Software
    2008-12-24 19:14:53 ----A---- D:\WINDOWS\system32\igdjxa.dll
    2008-12-24 19:14:52 ----SH---- D:\WINDOWS\system32\vtwniopc.ini
    2008-12-24 19:14:51 ----A---- D:\WINDOWS\system32\lvqevsoh.dll
    2008-12-23 21:08:08 ----A---- D:\WINDOWS\system32\mabajf.dll
    2008-12-23 21:08:05 ----A---- D:\WINDOWS\system32\axfulrdo.dll
    2008-12-23 19:12:45 ----SH---- D:\WINDOWS\system32\sqvvaomb.ini
    2008-12-23 19:10:31 ----ASH---- D:\WINDOWS\system32\deMooUtv.ini
    2008-12-18 18:19:42 ----D---- D:\Program Files\Spybot - Search & Destroy
    2008-12-18 18:19:42 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-18 17:44:43 ----A---- D:\WINDOWS\system32\deploytk.dll

    ======List of files/folders modified in the last 1 months======

    2009-01-08 19:51:10 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-08 17:15:06 ----A---- D:\WINDOWS\win.ini
    2009-01-08 17:15:06 ----A---- D:\WINDOWS\system.ini
    2008-12-23 21:37:08 ----A---- D:\WINDOWS\WININIT.INI
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\javaws.exe
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\javaw.exe
    2008-12-18 17:44:34 ----A---- D:\WINDOWS\system32\java.exe
    2008-12-15 14:40:08 ----A---- D:\WINDOWS\ODBC.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 asuskbnt;Enhanced Display Driver Helper Service; D:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
    R1 avgntdd;avgntdd; D:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
    R1 avipbb;avipbb; D:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-12-30 75072]
    R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320]
    R1 ssmdrv;ssmdrv; D:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 EIO;EIO; \??\D:\WINDOWS\system32\drivers\EIO.sys []
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; D:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
    R2 NwlnkNb;NetBIOS NWLink; D:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-04 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; D:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-04 55936]
    R2 tmcomm;tmcomm; \??\D:\WINDOWS\System32\drivers\tmcomm.sys []
    R3 Arp1394;Protocole client ARP 1394; D:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; D:\WINDOWS\System32\DRIVERS\e1e5132.sys [2006-06-05 230400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HECI;Intel(R) Management Engine Interface; D:\WINDOWS\System32\DRIVERS\HECI.sys [2006-06-01 43264]
    R3 HidUsb;Pilote de classe HID Microsoft; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; D:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
    R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; D:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
    R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
    S3 FLASHSYS;FLASHSYS; \??\D:\WINDOWS\System32\DRIVERS\FLASHSYS.sys []
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
    S3 ossrv;Creative OS Services Driver; D:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
    S3 P17;Sound Blaster Audigy; D:\WINDOWS\system32\drivers\P17.sys []
    S3 pepifilter;Volume Adapter; D:\WINDOWS\System32\DRIVERS\lv302af.sys [2004-01-21 5915]
    S3 PID_08A0;Labtec WebCam Pro(PID_08A0); D:\WINDOWS\System32\DRIVERS\LV302AV.SYS [2004-01-21 271360]
    S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); D:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; D:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;Pilote USB audio (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    S3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
    S3 usbscan;Pilote de scanneur USB; D:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 WEBNTACCESS;WEBNTACCESS; \??\D:\WINDOWS\System32\NTACCESS.SYS []
    S3 WLAN_USB; Wireless LAN USB Driver; D:\WINDOWS\System32\DRIVERS\wlanUSB.sys [2002-01-17 50176]
    S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ATKKeyboardService;ATK Keyboard Service; D:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
    R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-18 152984]
    R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2007-06-29 155716]
    R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\System32\wdfmgr.exe [2004-10-11 38912]
    S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
    S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 138168]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; D:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 899
    Windows 5.1.2600 Service Pack 2

    22:14:59 08/01/2009
    mbam-log-1-8-2009 (22-14-51).txt

    Type de recherche: Examen complet (D:\|)
    Eléments examinés: 91568
    Temps écoulé: 2 hour(s), 26 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54 (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    merci de ta patience
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    as si tu avais mis spyawareblaster avant cela ne serait peut etre pas arrivé!

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ______________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools­/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
    1. uncleone Messages postés 19 Statut Membre
       
      j'ai spywareblaster il fonctionne
      je telecharge combofix (le temps de lire le tuto)
      je fait le log HJT (j'ai déja changé son nom en Jean.exe)
      ok pour les sauvegardes et je poste
      merci jlpjlp d'attendre je ne suis pas rapide dans les manips
      0
  8. uncleone Messages postés 19 Statut Membre
     
    ComboFix 08-12-31.01 - Mamet 2009-01-09 18:14:54.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502.232 [GMT 1:00]
    Lancé depuis: d:\documents and settings\Mamet\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .
    - Mode FONCTIONNALITES REDUITES -
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-09 au 2009-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- D:\rsit
    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- d:\program files\trend micro
    2009-01-08 18:21 . 2008-04-11 19:51 683,520 --------- d:\windows\system32\dllcache\inetcomm.dll
    2009-01-08 18:18 . 2008-10-03 11:17 247,326 --------- d:\windows\system32\dllcache\strmdll.dll
    2009-01-07 23:31 . 2009-01-07 23:31 <REP> d-------- d:\documents and settings\LocalService\Menu Démarrer
    2009-01-07 22:42 . 2004-08-20 00:09 221,184 --a------ d:\windows\system32\wmpns.dll
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\provisioning
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\peernet
    2009-01-07 22:38 . 2009-01-07 22:38 <REP> d-------- d:\windows\ServicePackFiles
    2009-01-07 22:31 . 2009-01-07 22:31 <REP> d-------- d:\windows\EHome
    2009-01-07 21:05 . 2002-04-15 21:11 67,866 --------- d:\windows\system32\drivers\netwlan5.img
    2009-01-07 21:05 . 2004-08-19 16:10 11,776 --------- d:\windows\system32\spnpinst.exe
    2009-01-07 21:05 . 2004-08-02 14:20 7,208 --------- d:\windows\system32\secupd.sig
    2009-01-07 21:05 . 2004-08-02 14:20 4,569 --------- d:\windows\system32\secupd.dat
    2009-01-07 20:14 . 2003-02-28 16:34 313,856 --a------ d:\windows\system32\dx3j.dll
    2009-01-07 20:14 . 2003-02-28 18:26 286,992 --a------ d:\windows\system32\vmhelper.dll
    2009-01-07 20:14 . 2003-02-28 18:26 171,792 --a------ d:\windows\system32\wjview.exe
    2009-01-07 20:14 . 2003-02-28 18:26 171,280 --a------ d:\windows\system32\jit.dll
    2009-01-07 20:14 . 2003-02-28 18:26 139,536 --a------ d:\windows\system32\javaee.dll
    2009-01-07 20:14 . 2003-02-28 18:26 46,352 --a------ d:\windows\setdebug.exe
    2009-01-07 20:14 . 2003-02-28 16:54 7,315 --a------ d:\windows\system32\javasup.vxd
    2009-01-07 20:14 . 2003-02-28 16:35 6,550 --a------ d:\windows\jautoexp.dat
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedon.reg
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedoff.reg
    2009-01-07 20:13 . 2003-02-28 18:26 947,472 --a------ d:\windows\system32\msjava.dll
    2009-01-07 20:13 . 2003-02-28 18:26 404,752 --a------ d:\windows\system32\javart.dll
    2009-01-07 20:13 . 2003-02-28 18:26 187,152 --a------ d:\windows\system32\javacypt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 172,304 --a------ d:\windows\system32\jview.exe
    2009-01-07 20:13 . 2003-02-28 18:26 154,384 --a------ d:\windows\system32\msawt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 63,248 --a------ d:\windows\system32\javaprxy.dll
    2009-01-07 20:13 . 2003-02-28 18:26 49,424 --a------ d:\windows\system32\clspack.exe
    2009-01-07 20:13 . 2003-02-28 18:26 21,264 --a------ d:\windows\system32\msjdbc10.dll
    2009-01-07 20:13 . 2003-02-28 18:26 15,120 --a------ d:\windows\system32\jdbgmgr.exe
    2009-01-07 19:40 . 2009-01-07 18:36 102,664 --a------ d:\windows\system32\drivers\tmcomm.sys
    2009-01-07 18:36 . 2009-01-07 18:36 <REP> d-------- d:\documents and settings\Mamet\.housecall6.6
    2009-01-07 16:02 . 2006-04-20 12:51 359,808 --------- d:\windows\system32\dllcache\tcpip.sys
    2009-01-07 15:55 . 2005-09-01 02:43 19,968 --a------ d:\windows\system32\linkinfo.dll
    2009-01-07 15:51 . 2004-08-20 00:09 102,912 --a------ d:\windows\system32\cscdll.dll
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --a------ d:\windows\system32\hhctrl.ocx
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --------- d:\windows\system32\dllcache\hhctrl.ocx
    2009-01-07 15:50 . 2005-07-08 17:28 249,344 --a------ d:\windows\system32\tapisrv.dll
    2009-01-07 15:47 . 2006-07-13 14:36 8,509,952 --------- d:\windows\system32\dllcache\shell32.dll
    2009-01-07 15:47 . 2004-08-20 00:09 716,800 --a------ d:\windows\system32\sxs.dll
    2009-01-07 15:47 . 2004-11-17 18:42 354,304 --a------ d:\windows\system32\hypertrm.dll
    2009-01-07 15:47 . 2004-08-20 00:09 88,064 --a------ d:\windows\system32\fldrclnr.dll
    2009-01-07 15:43 . 2006-08-25 16:51 617,472 --------- d:\windows\system32\dllcache\comctl32.dll
    2009-01-07 15:41 . 2006-08-16 10:37 225,664 --------- d:\windows\system32\dllcache\tcpip6.sys
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --------- d:\windows\system32\dllcache\6to4svc.dll
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --a------ d:\windows\system32\6to4svc.dll
    2009-01-07 15:41 . 2004-08-20 00:10 88,576 --a------ d:\windows\system32\netsh.exe
    2009-01-07 15:41 . 2004-08-20 00:09 82,944 --a------ d:\windows\system32\ws2_32.dll
    2009-01-07 15:41 . 2004-08-20 00:09 59,904 --a------ d:\windows\system32\ipv6mon.dll
    2009-01-07 15:41 . 2004-08-20 00:09 53,760 --a------ d:\windows\system32\ipv6.exe
    2009-01-07 15:41 . 2004-08-20 00:09 33,280 --a------ d:\windows\system32\inetmib1.dll
    2009-01-07 15:41 . 2004-08-20 00:09 14,336 --a------ d:\windows\system32\wship6.dll
    2009-01-07 15:41 . 2004-08-04 07:03 12,416 --a------ d:\windows\system32\drivers\tunmp.sys
    2009-01-07 15:40 . 2005-10-20 23:25 1,097,728 --a------ d:\windows\system32\esent.dll
    2009-01-07 15:40 . 2005-01-11 02:01 128,512 --a------ d:\windows\system32\dllcache\dhtmled.ocx
    2009-01-07 15:40 . 2005-04-22 06:08 57,344 --a------ d:\windows\system32\dllcache\agentdpv.dll
    2009-01-07 15:26 . 2006-03-17 01:38 28,672 --a------ d:\windows\system32\verclsid.exe
    2009-01-07 15:24 . 2008-09-04 17:45 1,106,944 --a------ d:\windows\system32\msxml3.dll
    2009-01-07 15:24 . 2005-08-22 19:35 197,632 --a------ d:\windows\system32\netman.dll
    2009-01-07 15:23 . 2006-09-04 07:12 1,494,528 --------- d:\windows\system32\dllcache\shdocvw.dll
    2009-01-07 15:23 . 2008-10-15 17:59 332,800 --------- d:\windows\system32\dllcache\netapi32.dll
    2009-01-07 15:22 . 2005-06-29 02:49 74,240 --a------ d:\windows\system32\mscms.dll
    2009-01-07 15:21 . 2005-06-15 18:50 295,936 --a------ d:\windows\system32\kerberos.dll
    2009-01-07 15:21 . 2005-08-23 04:39 124,928 --a------ d:\windows\system32\umpnpmgr.dll
    2009-01-07 15:21 . 2006-01-04 04:35 68,096 --a------ d:\windows\system32\webclnt.dll
    2009-01-07 15:20 . 2004-08-20 00:09 388,096 --a------ d:\windows\system32\ipsmsnap.dll
    2009-01-07 15:20 . 2004-08-20 00:09 361,472 --a------ d:\windows\system32\ipsecsnp.dll
    2009-01-07 15:20 . 2004-08-20 00:09 267,776 --a------ d:\windows\system32\oakley.dll
    2009-01-07 15:20 . 2004-08-20 00:09 184,320 --a------ d:\windows\system32\ipsecsvc.dll
    2009-01-07 15:20 . 2006-06-22 11:48 181,248 --------- d:\windows\system32\dllcache\rasmans.dll
    2009-01-07 15:20 . 2004-08-20 00:09 106,496 --a------ d:\windows\system32\polstore.dll
    2009-01-07 15:20 . 2004-08-20 00:09 32,768 --a------ d:\windows\system32\winipsec.dll
    2009-01-07 15:12 . 2009-01-07 15:12 <REP> d-------- d:\windows\system32\bits
    2009-01-07 15:11 . 2006-06-26 18:41 8,192 --------- d:\windows\system32\dllcache\rasadhlp.dll
    2009-01-07 15:09 . 2009-01-09 01:06 1,355 --a------ d:\windows\imsins.BAK
    2009-01-07 15:07 . 2008-10-16 14:08 27,672 --a------ d:\windows\system32\wuapi.dll.mui
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\program files\SUPERAntiSpyware
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:07 . 2009-01-07 01:07 268 --ah----- D:\sqmdata19.sqm
    2009-01-07 01:07 . 2009-01-07 01:07 244 --ah----- D:\sqmnoopt19.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 268 --ah----- D:\sqmdata18.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 244 --ah----- D:\sqmnoopt18.sqm
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\program files\Malwarebytes' Anti-Malware
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53 . 2008-06-28 14:16 34,296 --a------ d:\windows\system32\drivers\mbamcatchme.sys
    2009-01-06 21:53 . 2008-06-28 14:16 17,144 --a------ d:\windows\system32\drivers\mbam.sys
    2009-01-06 21:46 . 2009-01-06 21:46 268 --ah----- D:\sqmdata17.sqm
    2009-01-06 21:46 . 2009-01-06 21:46 244 --ah----- D:\sqmnoopt17.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 268 --ah----- D:\sqmdata16.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 244 --ah----- D:\sqmnoopt16.sqm
    2008-12-30 18:21 . 2008-12-30 18:21 <REP> d-------- D:\VundoFix Backups
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Modèles
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Mes documents
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Favoris
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Bureau
    2008-12-30 17:50 . 2008-12-30 17:50 <REP> d-------- d:\documents and settings\Administrateur
    2008-12-30 16:02 . 2008-12-30 16:02 126,464 --a------ d:\windows\system32\poioks.dll
    2008-12-30 16:02 . 2008-12-30 16:02 126,464 --a------ d:\windows\system32\jjdktvhi.dll
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\program files\Avira
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\documents and settings\All Users\Application Data\Avira
    2008-12-30 15:25 . 2008-12-30 15:25 <REP> d-------- d:\program files\SpywareBlaster
    2008-12-30 15:25 . 2008-12-30 15:26 <REP> d-------- d:\documents and settings\All Users\Application Data\TEMP
    2008-12-29 18:31 . 2008-06-19 17:24 28,544 --a------ d:\windows\system32\drivers\pavboot.sys
    2008-12-29 18:30 . 2008-12-29 18:30 <REP> d-------- d:\program files\Panda Security
    2008-12-29 17:34 . 2008-12-29 17:34 <REP> d--hs---- D:\FOUND.005
    2008-12-28 14:09 . 2008-12-28 14:09 <REP> d--hs---- D:\FOUND.004
    2008-12-27 17:10 . 2008-12-27 17:10 120 ---hs---- d:\windows\system32\ttfawfqc.ini
    2008-12-27 17:08 . 2008-12-27 17:08 126,464 --a------ d:\windows\system32\mkyscq.dll
    2008-12-27 17:08 . 2008-12-27 17:08 126,464 --a------ d:\windows\system32\gpnkylva.dll
    2008-12-25 22:23 . 2008-12-25 22:23 <REP> d--hs---- D:\FOUND.003
    2008-12-25 20:11 . 2008-12-25 20:11 120 ---hs---- d:\windows\system32\ynqernvd.ini
    2008-12-25 01:04 . 2008-12-25 01:04 <REP> d-------- d:\program files\Alwil Software
    2008-12-25 01:04 . 2003-03-18 21:20 1,060,864 --a------ d:\windows\system32\MFC71.dll
    2008-12-24 19:14 . 2008-12-24 19:14 126,464 --a------ d:\windows\system32\lvqevsoh.dll
    2008-12-24 19:14 . 2008-12-24 19:14 126,464 --a------ d:\windows\system32\igdjxa.dll
    2008-12-24 19:14 . 2008-12-24 19:14 120 ---hs---- d:\windows\system32\vtwniopc.ini
    2008-12-23 21:08 . 2008-12-23 21:08 126,464 --a------ d:\windows\system32\mabajf.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 13:59 421 ----a-w d:\program files\Raccourci vers SUPERAntiSpyware.lnk
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
    2008-10-16 13:12 202,776 ----a-w d:\windows\system32\wuweb.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w d:\windows\system32\muweb.dll
    2008-10-16 13:06 268,648 ----a-w d:\windows\system32\mucltui.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-01-02 66912]

    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-01-02 12:37 66912 --a------ d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "msnmsgr"="d:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-20 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelAudioStudio"="d:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 9129984]
    "NvCplDaemon"="d:\windows\System32\NvCpl.dll" [2007-06-29 8466432]
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "Adobe Photo Downloader"="d:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NvMediaCenter"="d:\windows\System32\NvMcTray.dll" [2007-06-29 81920]
    "LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 d:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2007-06-29 d:\windows\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 d:\windows\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
    "Picasa Media Detector"="d:\picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=mabajf.dll mkyscq.dll poioks.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_SZ msv1_0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 avgntmgr;avgntmgr;d:\windows\system32\DRIVERS\avgntmgr.sys [2008-12-30 22336]
    R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
    R1 avgntdd;avgntdd;d:\windows\system32\DRIVERS\avgntdd.sys [2008-12-30 45376]
    S3 FLASHSYS;FLASHSYS;\??\d:\windows\System32\DRIVERS\FLASHSYS.sys []
    S3 WEBNTACCESS;WEBNTACCESS;\??\d:\windows\System32\NTACCESS.SYS []

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-07 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

    2009-01-09 d:\windows\Tasks\bdlexcsv.job
    - d:\windows\system32\rundll32.exe [2004-08-20 00:10]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7} - (no file)
    BHO-{62761C2C-8EA6-451B-A658-B49DB743189E} - (no file)
    BHO-{8177813A-E778-4D08-8EDA-2E59B28C9964} - (no file)
    BHO-{A55023C7-13C7-468C-B15A-5FDE29185907} - (no file)
    BHO-{B73F3E9D-4864-44FC-A2A6-5B3993E427E2} - (no file)
    HKLM-Run-WUSB54GPv4 - d:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
    HKLM-Run-UpdReg - d:\windows\UpdReg.EXE
    HKLM-Run-LiveMonitor - d:\program files\MSI\Live Update 3\LMonitor.exe
    HKLM-Run-CTSysVol - d:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    HKLM-Run-ATICCC - d:\program files\ATI Technologies\ATI.ACE\cli.exe
    HKLM-Run-382b1e54 - d:\windows\System32\cqfwaftt.dll
    HKLM-Run-SigmatelSysTrayApp - sttray.exe
    HKLM-Run-P17Helper - P17.dll
    HKLM-Run-ATIModeChange - Ati2mdxx.exe
    Notify-AtiExtEvent - (no file)
    Notify-rqRLeeBQ - (no file)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:15, on 09/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ATKKBService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\WINDOWS\System32\LVComS.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\explorer.exe
    D:\Documents and Settings\Mamet\Bureau\JEANTHIS.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Wireless LAN Utility.lnk = D:\Program Files\WLAN\WLAN\wlanutil.exe
    O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
    O20 - AppInit_DLLs: mabajf.dll mkyscq.dll poioks.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    0
  9. uncleone Messages postés 19 Statut Membre
     
    ComboFix 08-12-31.01 - Mamet 2009-01-09 18:14:54.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502.232 [GMT 1:00]
    Lancé depuis: d:\documents and settings\Mamet\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .
    - Mode FONCTIONNALITES REDUITES -
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-09 au 2009-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- D:\rsit
    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- d:\program files\trend micro
    2009-01-08 18:21 . 2008-04-11 19:51 683,520 --------- d:\windows\system32\dllcache\inetcomm.dll
    2009-01-08 18:18 . 2008-10-03 11:17 247,326 --------- d:\windows\system32\dllcache\strmdll.dll
    2009-01-07 23:31 . 2009-01-07 23:31 <REP> d-------- d:\documents and settings\LocalService\Menu Démarrer
    2009-01-07 22:42 . 2004-08-20 00:09 221,184 --a------ d:\windows\system32\wmpns.dll
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\provisioning
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\peernet
    2009-01-07 22:38 . 2009-01-07 22:38 <REP> d-------- d:\windows\ServicePackFiles
    2009-01-07 22:31 . 2009-01-07 22:31 <REP> d-------- d:\windows\EHome
    2009-01-07 21:05 . 2002-04-15 21:11 67,866 --------- d:\windows\system32\drivers\netwlan5.img
    2009-01-07 21:05 . 2004-08-19 16:10 11,776 --------- d:\windows\system32\spnpinst.exe
    2009-01-07 21:05 . 2004-08-02 14:20 7,208 --------- d:\windows\system32\secupd.sig
    2009-01-07 21:05 . 2004-08-02 14:20 4,569 --------- d:\windows\system32\secupd.dat
    2009-01-07 20:14 . 2003-02-28 16:34 313,856 --a------ d:\windows\system32\dx3j.dll
    2009-01-07 20:14 . 2003-02-28 18:26 286,992 --a------ d:\windows\system32\vmhelper.dll
    2009-01-07 20:14 . 2003-02-28 18:26 171,792 --a------ d:\windows\system32\wjview.exe
    2009-01-07 20:14 . 2003-02-28 18:26 171,280 --a------ d:\windows\system32\jit.dll
    2009-01-07 20:14 . 2003-02-28 18:26 139,536 --a------ d:\windows\system32\javaee.dll
    2009-01-07 20:14 . 2003-02-28 18:26 46,352 --a------ d:\windows\setdebug.exe
    2009-01-07 20:14 . 2003-02-28 16:54 7,315 --a------ d:\windows\system32\javasup.vxd
    2009-01-07 20:14 . 2003-02-28 16:35 6,550 --a------ d:\windows\jautoexp.dat
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedon.reg
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedoff.reg
    2009-01-07 20:13 . 2003-02-28 18:26 947,472 --a------ d:\windows\system32\msjava.dll
    2009-01-07 20:13 . 2003-02-28 18:26 404,752 --a------ d:\windows\system32\javart.dll
    2009-01-07 20:13 . 2003-02-28 18:26 187,152 --a------ d:\windows\system32\javacypt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 172,304 --a------ d:\windows\system32\jview.exe
    2009-01-07 20:13 . 2003-02-28 18:26 154,384 --a------ d:\windows\system32\msawt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 63,248 --a------ d:\windows\system32\javaprxy.dll
    2009-01-07 20:13 . 2003-02-28 18:26 49,424 --a------ d:\windows\system32\clspack.exe
    2009-01-07 20:13 . 2003-02-28 18:26 21,264 --a------ d:\windows\system32\msjdbc10.dll
    2009-01-07 20:13 . 2003-02-28 18:26 15,120 --a------ d:\windows\system32\jdbgmgr.exe
    2009-01-07 19:40 . 2009-01-07 18:36 102,664 --a------ d:\windows\system32\drivers\tmcomm.sys
    2009-01-07 18:36 . 2009-01-07 18:36 <REP> d-------- d:\documents and settings\Mamet\.housecall6.6
    2009-01-07 16:02 . 2006-04-20 12:51 359,808 --------- d:\windows\system32\dllcache\tcpip.sys
    2009-01-07 15:55 . 2005-09-01 02:43 19,968 --a------ d:\windows\system32\linkinfo.dll
    2009-01-07 15:51 . 2004-08-20 00:09 102,912 --a------ d:\windows\system32\cscdll.dll
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --a------ d:\windows\system32\hhctrl.ocx
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --------- d:\windows\system32\dllcache\hhctrl.ocx
    2009-01-07 15:50 . 2005-07-08 17:28 249,344 --a------ d:\windows\system32\tapisrv.dll
    2009-01-07 15:47 . 2006-07-13 14:36 8,509,952 --------- d:\windows\system32\dllcache\shell32.dll
    2009-01-07 15:47 . 2004-08-20 00:09 716,800 --a------ d:\windows\system32\sxs.dll
    2009-01-07 15:47 . 2004-11-17 18:42 354,304 --a------ d:\windows\system32\hypertrm.dll
    2009-01-07 15:47 . 2004-08-20 00:09 88,064 --a------ d:\windows\system32\fldrclnr.dll
    2009-01-07 15:43 . 2006-08-25 16:51 617,472 --------- d:\windows\system32\dllcache\comctl32.dll
    2009-01-07 15:41 . 2006-08-16 10:37 225,664 --------- d:\windows\system32\dllcache\tcpip6.sys
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --------- d:\windows\system32\dllcache\6to4svc.dll
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --a------ d:\windows\system32\6to4svc.dll
    2009-01-07 15:41 . 2004-08-20 00:10 88,576 --a------ d:\windows\system32\netsh.exe
    2009-01-07 15:41 . 2004-08-20 00:09 82,944 --a------ d:\windows\system32\ws2_32.dll
    2009-01-07 15:41 . 2004-08-20 00:09 59,904 --a------ d:\windows\system32\ipv6mon.dll
    2009-01-07 15:41 . 2004-08-20 00:09 53,760 --a------ d:\windows\system32\ipv6.exe
    2009-01-07 15:41 . 2004-08-20 00:09 33,280 --a------ d:\windows\system32\inetmib1.dll
    2009-01-07 15:41 . 2004-08-20 00:09 14,336 --a------ d:\windows\system32\wship6.dll
    2009-01-07 15:41 . 2004-08-04 07:03 12,416 --a------ d:\windows\system32\drivers\tunmp.sys
    2009-01-07 15:40 . 2005-10-20 23:25 1,097,728 --a------ d:\windows\system32\esent.dll
    2009-01-07 15:40 . 2005-01-11 02:01 128,512 --a------ d:\windows\system32\dllcache\dhtmled.ocx
    2009-01-07 15:40 . 2005-04-22 06:08 57,344 --a------ d:\windows\system32\dllcache\agentdpv.dll
    2009-01-07 15:26 . 2006-03-17 01:38 28,672 --a------ d:\windows\system32\verclsid.exe
    2009-01-07 15:24 . 2008-09-04 17:45 1,106,944 --a------ d:\windows\system32\msxml3.dll
    2009-01-07 15:24 . 2005-08-22 19:35 197,632 --a------ d:\windows\system32\netman.dll
    2009-01-07 15:23 . 2006-09-04 07:12 1,494,528 --------- d:\windows\system32\dllcache\shdocvw.dll
    2009-01-07 15:23 . 2008-10-15 17:59 332,800 --------- d:\windows\system32\dllcache\netapi32.dll
    2009-01-07 15:22 . 2005-06-29 02:49 74,240 --a------ d:\windows\system32\mscms.dll
    2009-01-07 15:21 . 2005-06-15 18:50 295,936 --a------ d:\windows\system32\kerberos.dll
    2009-01-07 15:21 . 2005-08-23 04:39 124,928 --a------ d:\windows\system32\umpnpmgr.dll
    2009-01-07 15:21 . 2006-01-04 04:35 68,096 --a------ d:\windows\system32\webclnt.dll
    2009-01-07 15:20 . 2004-08-20 00:09 388,096 --a------ d:\windows\system32\ipsmsnap.dll
    2009-01-07 15:20 . 2004-08-20 00:09 361,472 --a------ d:\windows\system32\ipsecsnp.dll
    2009-01-07 15:20 . 2004-08-20 00:09 267,776 --a------ d:\windows\system32\oakley.dll
    2009-01-07 15:20 . 2004-08-20 00:09 184,320 --a------ d:\windows\system32\ipsecsvc.dll
    2009-01-07 15:20 . 2006-06-22 11:48 181,248 --------- d:\windows\system32\dllcache\rasmans.dll
    2009-01-07 15:20 . 2004-08-20 00:09 106,496 --a------ d:\windows\system32\polstore.dll
    2009-01-07 15:20 . 2004-08-20 00:09 32,768 --a------ d:\windows\system32\winipsec.dll
    2009-01-07 15:12 . 2009-01-07 15:12 <REP> d-------- d:\windows\system32\bits
    2009-01-07 15:11 . 2006-06-26 18:41 8,192 --------- d:\windows\system32\dllcache\rasadhlp.dll
    2009-01-07 15:09 . 2009-01-09 01:06 1,355 --a------ d:\windows\imsins.BAK
    2009-01-07 15:07 . 2008-10-16 14:08 27,672 --a------ d:\windows\system32\wuapi.dll.mui
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\program files\SUPERAntiSpyware
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:07 . 2009-01-07 01:07 268 --ah----- D:\sqmdata19.sqm
    2009-01-07 01:07 . 2009-01-07 01:07 244 --ah----- D:\sqmnoopt19.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 268 --ah----- D:\sqmdata18.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 244 --ah----- D:\sqmnoopt18.sqm
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\program files\Malwarebytes' Anti-Malware
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53 . 2008-06-28 14:16 34,296 --a------ d:\windows\system32\drivers\mbamcatchme.sys
    2009-01-06 21:53 . 2008-06-28 14:16 17,144 --a------ d:\windows\system32\drivers\mbam.sys
    2009-01-06 21:46 . 2009-01-06 21:46 268 --ah----- D:\sqmdata17.sqm
    2009-01-06 21:46 . 2009-01-06 21:46 244 --ah----- D:\sqmnoopt17.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 268 --ah----- D:\sqmdata16.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 244 --ah----- D:\sqmnoopt16.sqm
    2008-12-30 18:21 . 2008-12-30 18:21 <REP> d-------- D:\VundoFix Backups
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Modèles
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Mes documents
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Favoris
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Bureau
    2008-12-30 17:50 . 2008-12-30 17:50 <REP> d-------- d:\documents and settings\Administrateur
    2008-12-30 16:02 . 2008-12-30 16:02 126,464 --a------ d:\windows\system32\poioks.dll
    2008-12-30 16:02 . 2008-12-30 16:02 126,464 --a------ d:\windows\system32\jjdktvhi.dll
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\program files\Avira
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\documents and settings\All Users\Application Data\Avira
    2008-12-30 15:25 . 2008-12-30 15:25 <REP> d-------- d:\program files\SpywareBlaster
    2008-12-30 15:25 . 2008-12-30 15:26 <REP> d-------- d:\documents and settings\All Users\Application Data\TEMP
    2008-12-29 18:31 . 2008-06-19 17:24 28,544 --a------ d:\windows\system32\drivers\pavboot.sys
    2008-12-29 18:30 . 2008-12-29 18:30 <REP> d-------- d:\program files\Panda Security
    2008-12-29 17:34 . 2008-12-29 17:34 <REP> d--hs---- D:\FOUND.005
    2008-12-28 14:09 . 2008-12-28 14:09 <REP> d--hs---- D:\FOUND.004
    2008-12-27 17:10 . 2008-12-27 17:10 120 ---hs---- d:\windows\system32\ttfawfqc.ini
    2008-12-27 17:08 . 2008-12-27 17:08 126,464 --a------ d:\windows\system32\mkyscq.dll
    2008-12-27 17:08 . 2008-12-27 17:08 126,464 --a------ d:\windows\system32\gpnkylva.dll
    2008-12-25 22:23 . 2008-12-25 22:23 <REP> d--hs---- D:\FOUND.003
    2008-12-25 20:11 . 2008-12-25 20:11 120 ---hs---- d:\windows\system32\ynqernvd.ini
    2008-12-25 01:04 . 2008-12-25 01:04 <REP> d-------- d:\program files\Alwil Software
    2008-12-25 01:04 . 2003-03-18 21:20 1,060,864 --a------ d:\windows\system32\MFC71.dll
    2008-12-24 19:14 . 2008-12-24 19:14 126,464 --a------ d:\windows\system32\lvqevsoh.dll
    2008-12-24 19:14 . 2008-12-24 19:14 126,464 --a------ d:\windows\system32\igdjxa.dll
    2008-12-24 19:14 . 2008-12-24 19:14 120 ---hs---- d:\windows\system32\vtwniopc.ini
    2008-12-23 21:08 . 2008-12-23 21:08 126,464 --a------ d:\windows\system32\mabajf.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 13:59 421 ----a-w d:\program files\Raccourci vers SUPERAntiSpyware.lnk
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
    2008-10-16 13:12 202,776 ----a-w d:\windows\system32\wuweb.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w d:\windows\system32\muweb.dll
    2008-10-16 13:06 268,648 ----a-w d:\windows\system32\mucltui.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-01-02 66912]

    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-01-02 12:37 66912 --a------ d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "msnmsgr"="d:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-20 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelAudioStudio"="d:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 9129984]
    "NvCplDaemon"="d:\windows\System32\NvCpl.dll" [2007-06-29 8466432]
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "Adobe Photo Downloader"="d:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NvMediaCenter"="d:\windows\System32\NvMcTray.dll" [2007-06-29 81920]
    "LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 d:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2007-06-29 d:\windows\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 d:\windows\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
    "Picasa Media Detector"="d:\picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=mabajf.dll mkyscq.dll poioks.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_SZ msv1_0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 avgntmgr;avgntmgr;d:\windows\system32\DRIVERS\avgntmgr.sys [2008-12-30 22336]
    R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
    R1 avgntdd;avgntdd;d:\windows\system32\DRIVERS\avgntdd.sys [2008-12-30 45376]
    S3 FLASHSYS;FLASHSYS;\??\d:\windows\System32\DRIVERS\FLASHSYS.sys []
    S3 WEBNTACCESS;WEBNTACCESS;\??\d:\windows\System32\NTACCESS.SYS []

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-07 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

    2009-01-09 d:\windows\Tasks\bdlexcsv.job
    - d:\windows\system32\rundll32.exe [2004-08-20 00:10]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7} - (no file)
    BHO-{62761C2C-8EA6-451B-A658-B49DB743189E} - (no file)
    BHO-{8177813A-E778-4D08-8EDA-2E59B28C9964} - (no file)
    BHO-{A55023C7-13C7-468C-B15A-5FDE29185907} - (no file)
    BHO-{B73F3E9D-4864-44FC-A2A6-5B3993E427E2} - (no file)
    HKLM-Run-WUSB54GPv4 - d:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
    HKLM-Run-UpdReg - d:\windows\UpdReg.EXE
    HKLM-Run-LiveMonitor - d:\program files\MSI\Live Update 3\LMonitor.exe
    HKLM-Run-CTSysVol - d:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    HKLM-Run-ATICCC - d:\program files\ATI Technologies\ATI.ACE\cli.exe
    HKLM-Run-382b1e54 - d:\windows\System32\cqfwaftt.dll
    HKLM-Run-SigmatelSysTrayApp - sttray.exe
    HKLM-Run-P17Helper - P17.dll
    HKLM-Run-ATIModeChange - Ati2mdxx.exe
    Notify-AtiExtEvent - (no file)
    Notify-rqRLeeBQ - (no file)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:15, on 09/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ATKKBService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\WINDOWS\System32\LVComS.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\explorer.exe
    D:\Documents and Settings\Mamet\Bureau\JEANTHIS.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Wireless LAN Utility.lnk = D:\Program Files\WLAN\WLAN\wlanutil.exe
    O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
    O20 - AppInit_DLLs: mabajf.dll mkyscq.dll poioks.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    0
  10. uncleone Messages postés 19 Statut Membre
     
    ComboFix 08-12-31.01 - Mamet 2009-01-09 18:14:54.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502.232 [GMT 1:00]
    Lancé depuis: d:\documents and settings\Mamet\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .
    - Mode FONCTIONNALITES REDUITES -
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-09 au 2009-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- D:\rsit
    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- d:\program files\trend micro
    2009-01-08 18:21 . 2008-04-11 19:51 683,520 --------- d:\windows\system32\dllcache\inetcomm.dll
    2009-01-08 18:18 . 2008-10-03 11:17 247,326 --------- d:\windows\system32\dllcache\strmdll.dll
    2009-01-07 23:31 . 2009-01-07 23:31 <REP> d-------- d:\documents and settings\LocalService\Menu Démarrer
    2009-01-07 22:42 . 2004-08-20 00:09 221,184 --a------ d:\windows\system32\wmpns.dll
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\provisioning
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\peernet
    2009-01-07 22:38 . 2009-01-07 22:38 <REP> d-------- d:\windows\ServicePackFiles
    2009-01-07 22:31 . 2009-01-07 22:31 <REP> d-------- d:\windows\EHome
    2009-01-07 21:05 . 2002-04-15 21:11 67,866 --------- d:\windows\system32\drivers\netwlan5.img
    2009-01-07 21:05 . 2004-08-19 16:10 11,776 --------- d:\windows\system32\spnpinst.exe
    2009-01-07 21:05 . 2004-08-02 14:20 7,208 --------- d:\windows\system32\secupd.sig
    2009-01-07 21:05 . 2004-08-02 14:20 4,569 --------- d:\windows\system32\secupd.dat
    2009-01-07 20:14 . 2003-02-28 16:34 313,856 --a------ d:\windows\system32\dx3j.dll
    2009-01-07 20:14 . 2003-02-28 18:26 286,992 --a------ d:\windows\system32\vmhelper.dll
    2009-01-07 20:14 . 2003-02-28 18:26 171,792 --a------ d:\windows\system32\wjview.exe
    2009-01-07 20:14 . 2003-02-28 18:26 171,280 --a------ d:\windows\system32\jit.dll
    2009-01-07 20:14 . 2003-02-28 18:26 139,536 --a------ d:\windows\system32\javaee.dll
    2009-01-07 20:14 . 2003-02-28 18:26 46,352 --a------ d:\windows\setdebug.exe
    2009-01-07 20:14 . 2003-02-28 16:54 7,315 --a------ d:\windows\system32\javasup.vxd
    2009-01-07 20:14 . 2003-02-28 16:35 6,550 --a------ d:\windows\jautoexp.dat
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedon.reg
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedoff.reg
    2009-01-07 20:13 . 2003-02-28 18:26 947,472 --a------ d:\windows\system32\msjava.dll
    2009-01-07 20:13 . 2003-02-28 18:26 404,752 --a------ d:\windows\system32\javart.dll
    2009-01-07 20:13 . 2003-02-28 18:26 187,152 --a------ d:\windows\system32\javacypt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 172,304 --a------ d:\windows\system32\jview.exe
    2009-01-07 20:13 . 2003-02-28 18:26 154,384 --a------ d:\windows\system32\msawt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 63,248 --a------ d:\windows\system32\javaprxy.dll
    2009-01-07 20:13 . 2003-02-28 18:26 49,424 --a------ d:\windows\system32\clspack.exe
    2009-01-07 20:13 . 2003-02-28 18:26 21,264 --a------ d:\windows\system32\msjdbc10.dll
    2009-01-07 20:13 . 2003-02-28 18:26 15,120 --a------ d:\windows\system32\jdbgmgr.exe
    2009-01-07 19:40 . 2009-01-07 18:36 102,664 --a------ d:\windows\system32\drivers\tmcomm.sys
    2009-01-07 18:36 . 2009-01-07 18:36 <REP> d-------- d:\documents and settings\Mamet\.housecall6.6
    2009-01-07 16:02 . 2006-04-20 12:51 359,808 --------- d:\windows\system32\dllcache\tcpip.sys
    2009-01-07 15:55 . 2005-09-01 02:43 19,968 --a------ d:\windows\system32\linkinfo.dll
    2009-01-07 15:51 . 2004-08-20 00:09 102,912 --a------ d:\windows\system32\cscdll.dll
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --a------ d:\windows\system32\hhctrl.ocx
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --------- d:\windows\system32\dllcache\hhctrl.ocx
    2009-01-07 15:50 . 2005-07-08 17:28 249,344 --a------ d:\windows\system32\tapisrv.dll
    2009-01-07 15:47 . 2006-07-13 14:36 8,509,952 --------- d:\windows\system32\dllcache\shell32.dll
    2009-01-07 15:47 . 2004-08-20 00:09 716,800 --a------ d:\windows\system32\sxs.dll
    2009-01-07 15:47 . 2004-11-17 18:42 354,304 --a------ d:\windows\system32\hypertrm.dll
    2009-01-07 15:47 . 2004-08-20 00:09 88,064 --a------ d:\windows\system32\fldrclnr.dll
    2009-01-07 15:43 . 2006-08-25 16:51 617,472 --------- d:\windows\system32\dllcache\comctl32.dll
    2009-01-07 15:41 . 2006-08-16 10:37 225,664 --------- d:\windows\system32\dllcache\tcpip6.sys
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --------- d:\windows\system32\dllcache\6to4svc.dll
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --a------ d:\windows\system32\6to4svc.dll
    2009-01-07 15:41 . 2004-08-20 00:10 88,576 --a------ d:\windows\system32\netsh.exe
    2009-01-07 15:41 . 2004-08-20 00:09 82,944 --a------ d:\windows\system32\ws2_32.dll
    2009-01-07 15:41 . 2004-08-20 00:09 59,904 --a------ d:\windows\system32\ipv6mon.dll
    2009-01-07 15:41 . 2004-08-20 00:09 53,760 --a------ d:\windows\system32\ipv6.exe
    2009-01-07 15:41 . 2004-08-20 00:09 33,280 --a------ d:\windows\system32\inetmib1.dll
    2009-01-07 15:41 . 2004-08-20 00:09 14,336 --a------ d:\windows\system32\wship6.dll
    2009-01-07 15:41 . 2004-08-04 07:03 12,416 --a------ d:\windows\system32\drivers\tunmp.sys
    2009-01-07 15:40 . 2005-10-20 23:25 1,097,728 --a------ d:\windows\system32\esent.dll
    2009-01-07 15:40 . 2005-01-11 02:01 128,512 --a------ d:\windows\system32\dllcache\dhtmled.ocx
    2009-01-07 15:40 . 2005-04-22 06:08 57,344 --a------ d:\windows\system32\dllcache\agentdpv.dll
    2009-01-07 15:26 . 2006-03-17 01:38 28,672 --a------ d:\windows\system32\verclsid.exe
    2009-01-07 15:24 . 2008-09-04 17:45 1,106,944 --a------ d:\windows\system32\msxml3.dll
    2009-01-07 15:24 . 2005-08-22 19:35 197,632 --a------ d:\windows\system32\netman.dll
    2009-01-07 15:23 . 2006-09-04 07:12 1,494,528 --------- d:\windows\system32\dllcache\shdocvw.dll
    2009-01-07 15:23 . 2008-10-15 17:59 332,800 --------- d:\windows\system32\dllcache\netapi32.dll
    2009-01-07 15:22 . 2005-06-29 02:49 74,240 --a------ d:\windows\system32\mscms.dll
    2009-01-07 15:21 . 2005-06-15 18:50 295,936 --a------ d:\windows\system32\kerberos.dll
    2009-01-07 15:21 . 2005-08-23 04:39 124,928 --a------ d:\windows\system32\umpnpmgr.dll
    2009-01-07 15:21 . 2006-01-04 04:35 68,096 --a------ d:\windows\system32\webclnt.dll
    2009-01-07 15:20 . 2004-08-20 00:09 388,096 --a------ d:\windows\system32\ipsmsnap.dll
    2009-01-07 15:20 . 2004-08-20 00:09 361,472 --a------ d:\windows\system32\ipsecsnp.dll
    2009-01-07 15:20 . 2004-08-20 00:09 267,776 --a------ d:\windows\system32\oakley.dll
    2009-01-07 15:20 . 2004-08-20 00:09 184,320 --a------ d:\windows\system32\ipsecsvc.dll
    2009-01-07 15:20 . 2006-06-22 11:48 181,248 --------- d:\windows\system32\dllcache\rasmans.dll
    2009-01-07 15:20 . 2004-08-20 00:09 106,496 --a------ d:\windows\system32\polstore.dll
    2009-01-07 15:20 . 2004-08-20 00:09 32,768 --a------ d:\windows\system32\winipsec.dll
    2009-01-07 15:12 . 2009-01-07 15:12 <REP> d-------- d:\windows\system32\bits
    2009-01-07 15:11 . 2006-06-26 18:41 8,192 --------- d:\windows\system32\dllcache\rasadhlp.dll
    2009-01-07 15:09 . 2009-01-09 01:06 1,355 --a------ d:\windows\imsins.BAK
    2009-01-07 15:07 . 2008-10-16 14:08 27,672 --a------ d:\windows\system32\wuapi.dll.mui
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\program files\SUPERAntiSpyware
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:07 . 2009-01-07 01:07 268 --ah----- D:\sqmdata19.sqm
    2009-01-07 01:07 . 2009-01-07 01:07 244 --ah----- D:\sqmnoopt19.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 268 --ah----- D:\sqmdata18.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 244 --ah----- D:\sqmnoopt18.sqm
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\program files\Malwarebytes' Anti-Malware
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53 . 2008-06-28 14:16 34,296 --a------ d:\windows\system32\drivers\mbamcatchme.sys
    2009-01-06 21:53 . 2008-06-28 14:16 17,144 --a------ d:\windows\system32\drivers\mbam.sys
    2009-01-06 21:46 . 2009-01-06 21:46 268 --ah----- D:\sqmdata17.sqm
    2009-01-06 21:46 . 2009-01-06 21:46 244 --ah----- D:\sqmnoopt17.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 268 --ah----- D:\sqmdata16.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 244 --ah----- D:\sqmnoopt16.sqm
    2008-12-30 18:21 . 2008-12-30 18:21 <REP> d-------- D:\VundoFix Backups
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Modèles
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Mes documents
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Favoris
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Bureau
    2008-12-30 17:50 . 2008-12-30 17:50 <REP> d-------- d:\documents and settings\Administrateur
    2008-12-30 16:02 . 2008-12-30 16:02 126,464 --a------ d:\windows\system32\poioks.dll
    2008-12-30 16:02 . 2008-12-30 16:02 126,464 --a------ d:\windows\system32\jjdktvhi.dll
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\program files\Avira
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\documents and settings\All Users\Application Data\Avira
    2008-12-30 15:25 . 2008-12-30 15:25 <REP> d-------- d:\program files\SpywareBlaster
    2008-12-30 15:25 . 2008-12-30 15:26 <REP> d-------- d:\documents and settings\All Users\Application Data\TEMP
    2008-12-29 18:31 . 2008-06-19 17:24 28,544 --a------ d:\windows\system32\drivers\pavboot.sys
    2008-12-29 18:30 . 2008-12-29 18:30 <REP> d-------- d:\program files\Panda Security
    2008-12-29 17:34 . 2008-12-29 17:34 <REP> d--hs---- D:\FOUND.005
    2008-12-28 14:09 . 2008-12-28 14:09 <REP> d--hs---- D:\FOUND.004
    2008-12-27 17:10 . 2008-12-27 17:10 120 ---hs---- d:\windows\system32\ttfawfqc.ini
    2008-12-27 17:08 . 2008-12-27 17:08 126,464 --a------ d:\windows\system32\mkyscq.dll
    2008-12-27 17:08 . 2008-12-27 17:08 126,464 --a------ d:\windows\system32\gpnkylva.dll
    2008-12-25 22:23 . 2008-12-25 22:23 <REP> d--hs---- D:\FOUND.003
    2008-12-25 20:11 . 2008-12-25 20:11 120 ---hs---- d:\windows\system32\ynqernvd.ini
    2008-12-25 01:04 . 2008-12-25 01:04 <REP> d-------- d:\program files\Alwil Software
    2008-12-25 01:04 . 2003-03-18 21:20 1,060,864 --a------ d:\windows\system32\MFC71.dll
    2008-12-24 19:14 . 2008-12-24 19:14 126,464 --a------ d:\windows\system32\lvqevsoh.dll
    2008-12-24 19:14 . 2008-12-24 19:14 126,464 --a------ d:\windows\system32\igdjxa.dll
    2008-12-24 19:14 . 2008-12-24 19:14 120 ---hs---- d:\windows\system32\vtwniopc.ini
    2008-12-23 21:08 . 2008-12-23 21:08 126,464 --a------ d:\windows\system32\mabajf.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 13:59 421 ----a-w d:\program files\Raccourci vers SUPERAntiSpyware.lnk
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
    2008-10-16 13:12 202,776 ----a-w d:\windows\system32\wuweb.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w d:\windows\system32\muweb.dll
    2008-10-16 13:06 268,648 ----a-w d:\windows\system32\mucltui.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-01-02 66912]

    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-01-02 12:37 66912 --a------ d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "msnmsgr"="d:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-20 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelAudioStudio"="d:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 9129984]
    "NvCplDaemon"="d:\windows\System32\NvCpl.dll" [2007-06-29 8466432]
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "Adobe Photo Downloader"="d:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NvMediaCenter"="d:\windows\System32\NvMcTray.dll" [2007-06-29 81920]
    "LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 d:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2007-06-29 d:\windows\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 d:\windows\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
    "Picasa Media Detector"="d:\picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=mabajf.dll mkyscq.dll poioks.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_SZ msv1_0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 avgntmgr;avgntmgr;d:\windows\system32\DRIVERS\avgntmgr.sys [2008-12-30 22336]
    R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
    R1 avgntdd;avgntdd;d:\windows\system32\DRIVERS\avgntdd.sys [2008-12-30 45376]
    S3 FLASHSYS;FLASHSYS;\??\d:\windows\System32\DRIVERS\FLASHSYS.sys []
    S3 WEBNTACCESS;WEBNTACCESS;\??\d:\windows\System32\NTACCESS.SYS []

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-07 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

    2009-01-09 d:\windows\Tasks\bdlexcsv.job
    - d:\windows\system32\rundll32.exe [2004-08-20 00:10]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7} - (no file)
    BHO-{62761C2C-8EA6-451B-A658-B49DB743189E} - (no file)
    BHO-{8177813A-E778-4D08-8EDA-2E59B28C9964} - (no file)
    BHO-{A55023C7-13C7-468C-B15A-5FDE29185907} - (no file)
    BHO-{B73F3E9D-4864-44FC-A2A6-5B3993E427E2} - (no file)
    HKLM-Run-WUSB54GPv4 - d:\program files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
    HKLM-Run-UpdReg - d:\windows\UpdReg.EXE
    HKLM-Run-LiveMonitor - d:\program files\MSI\Live Update 3\LMonitor.exe
    HKLM-Run-CTSysVol - d:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    HKLM-Run-ATICCC - d:\program files\ATI Technologies\ATI.ACE\cli.exe
    HKLM-Run-382b1e54 - d:\windows\System32\cqfwaftt.dll
    HKLM-Run-SigmatelSysTrayApp - sttray.exe
    HKLM-Run-P17Helper - P17.dll
    HKLM-Run-ATIModeChange - Ati2mdxx.exe
    Notify-AtiExtEvent - (no file)
    Notify-rqRLeeBQ - (no file)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:15, on 09/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ATKKBService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\WINDOWS\System32\LVComS.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\explorer.exe
    D:\Documents and Settings\Mamet\Bureau\JEANTHIS.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Wireless LAN Utility.lnk = D:\Program Files\WLAN\WLAN\wlanutil.exe
    O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
    O20 - AppInit_DLLs: mabajf.dll mkyscq.dll poioks.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    mets un rapport avec malwrebyte et antivir que tu as

    et

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. uncleone Messages postés 19 Statut Membre
       
      ci-joint les logs demandés

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 3.06GHz )
      BIOS : Default System BIOS
      USER : Mamet ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - FAT32 - Total:21 Go (Free:19 Go)
      D:\ (Local Disk) - FAT32 - Total:54 Go (Free:3 Go)
      E:\ (USB) - FAT - Total:1967 Mo (Free:1 Go)
      Z:\ (CD or DVD)

      "D:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 09/01/2009|23:43 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      D:\Program Files\AskSBar
      D:\Program Files\AskSBar\SrchAstt
      D:\Program Files\AskSBar\SrchAstt\1.bin
      D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Local Page"="D:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "D:\ToolBar SD\TB_1.txt" - 09/01/2009|23:45 - Option : [1]

      -----------\\ Fin du rapport a 23:45:00,89





      Avira AntiVir Personal
      Date de création du fichier de rapport : vendredi 9 janvier 2009 12:00

      La recherche porte sur 1157329 souches de virus.

      Détenteur de la licence :Avira AntiVir PersonalEdition Classic
      Numéro de série : 0000149996-ADJIE-0001
      Plateforme : Windows XP
      Version de Windows :(Service Pack 2) [5.1.2600]
      Mode Boot : Démarré normalement
      Identifiant : SYSTEM
      Nom de l'ordinateur :MAUD

      Informations de version :
      BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 30/12/2008 14:54:44
      AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:28
      LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:18
      LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:28
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 14:54:44
      ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 14:54:44
      ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 02/01/2009 13:18:40
      ANTIVIR3.VDF : 7.1.1.80 212480 Bytes 07/01/2009 18:08:06
      Version du moteur: 8.2.0.45
      AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:58
      AESCRIPT.DLL : 8.1.1.19 336252 Bytes 30/12/2008 14:54:44
      AESCN.DLL : 8.1.1.5 123251 Bytes 30/12/2008 14:54:44
      AERDL.DLL : 8.1.1.3 438645 Bytes 30/12/2008 14:54:44
      AEPACK.DLL : 8.1.3.4 393591 Bytes 30/12/2008 14:54:44
      AEOFFICE.DLL : 8.1.0.33 196987 Bytes 30/12/2008 14:54:44
      AEHEUR.DLL : 8.1.0.75 1524087 Bytes 30/12/2008 14:54:44
      AEHELP.DLL : 8.1.2.0 119159 Bytes 30/12/2008 14:54:44
      AEGEN.DLL : 8.1.1.8 323956 Bytes 30/12/2008 14:54:44
      AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:58
      AECORE.DLL : 8.1.5.2 172405 Bytes 30/12/2008 14:54:44
      AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:58
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:04
      AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:00
      AVREP.DLL : 8.0.0.2 98344 Bytes 30/12/2008 14:54:44
      AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:38
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:20
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:48
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:38
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:08
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:18
      RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:44

      Configuration pour la recherche actuelle :
      Nom de la tâche..................: Disques durs locaux
      Fichier de configuration.........: D:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
      Documentation....................: bas
      Action principale................: interactif
      Action secondaire................: ignorer
      Recherche sur les secteurs d'amorçage maître: marche
      Recherche sur les secteurs d'amorçage: marche
      Secteurs d'amorçage..............: C:, D:,
      Recherche dans les programmes actifs: marche
      Recherche en cours sur l'enregistrement: marche
      Recherche de Rootkits............: arrêt
      Fichier mode de recherche........: Sélection de fichiers intelligente
      Recherche sur les archives.......: marche
      Limiter la profondeur de récursivité: 20
      Archive Smart Extensions.........: marche
      Heuristique de macrovirus........: marche
      Heuristique fichier..............: moyen

      Début de la recherche : vendredi 9 janvier 2009 12:00

      La recherche sur les processus démarrés commence :
      Processus de recherche 'AVSCAN.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'RUNDLL32.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'NOTEPAD.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'JEANTHIS.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'RUNDLL32.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'NOTEPAD.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'msmsgs.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'LVComS.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'MSNMSGR.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'LogiTray.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'RUNDLL32.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'AVGNT.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'JUSCHED.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'APDPROXY.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'WgaTray.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'WMIAPSRV.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'ALG.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'WDFMGR.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'NVSVC32.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'JQS.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'ATKKBService.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'AVGUARD.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SCHED.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SPOOLSV.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'LSASS.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SERVICES.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'WINLOGON.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'CSRSS.EXE' - '1' module(s) sont contrôlés
      Processus de recherche 'SMSS.EXE' - '1' module(s) sont contrôlés
      '39' processus ont été contrôlés avec '39' modules

      La recherche sur les secteurs d'amorçage maître commence :
      Secteur d'amorçage maître HD0
      [INFO] Aucun virus trouvé !

      La recherche sur les secteurs d'amorçage commence :
      Secteur d'amorçage 'C:\'
      [INFO] Aucun virus trouvé !
      Secteur d'amorçage 'D:\'
      [INFO] Aucun virus trouvé !

      La recherche sur les renvois aux fichiers exécutables (registre) commence.
      Le registre a été contrôlé ( '59' fichiers).


      La recherche sur les fichiers sélectionnés commence :

      Recherche débutant dans 'C:\' <SYSTEM>
      Recherche débutant dans 'D:\' <MAUD>
      D:\pagefile.sys
      [AVERTISSEMENT] Impossible d'ouvrir le fichier !
      D:\hiberfil.sys
      [AVERTISSEMENT] Impossible d'ouvrir le fichier !


      Fin de la recherche : vendredi 9 janvier 2009 12:26
      Temps nécessaire: 26:40 Minute(s)

      La recherche a été effectuée intégralement

      4037 Les répertoires ont été contrôlés
      267654 Des fichiers ont été contrôlés
      0 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      0 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      2 Impossible de contrôler des fichiers
      267652 Fichiers non infectés
      8111 Les archives ont été contrôlées
      2 Avertissements
      0 Consignes



      Malwarebytes' Anti-Malware 1.19
      Version de la base de données: 899
      Windows 5.1.2600 Service Pack 2

      22:14:59 08/01/2009
      mbam-log-1-8-2009 (22-14-51).txt

      Type de recherche: Examen complet (D:\|)
      Eléments examinés: 91568
      Temps écoulé: 2 hour(s), 26 minute(s), 21 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54 (Trojan.Vundo) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui à été trouvé par malwarebyte . Refais toolbar sd choisi l'option 2 et colle le rapport. Pour antivir tu es sûr d'avoir fait un examen complet de ton ordi?
    0
    1. uncleone Messages postés 19 Statut Membre
       
      oui sur
      on approche de la fin je pense
      merci d'aider un vieil homme
      0
    2. uncleone Messages postés 19 Statut Membre
       
      le temps se fait lourd
      tout est revenu c'est un peu stressant
      je te poste les logs que j'ai relancé

      -Malwarebytes' Anti-Malware 1.19
      Version de la base de données: 899
      Windows 5.1.2600 Service Pack 2

      17:54:13 10/01/2009
      mbam-log-1-10-2009 (17-53-53).txt

      Type de recherche: Examen complet (D:\|)
      Eléments examinés: 75001
      Temps écoulé: 18 minute(s), 38 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54 (Trojan.Vundo) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)

      -----------\\ ToolBar S&D 1.2.8 XP

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 3.06GHz )
      BIOS : Default System BIOS
      USER : Mamet ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - FAT32 - Total:21 Go (Free:19 Go)
      D:\ (Local Disk) - FAT32 - Total:54 Go (Free:9 Go)
      Z:\ (CD or DVD)

      "D:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 10/01/2009|17:58 )

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Local Page"="D:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr/"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "D:\ToolBar SD\TB_1.txt" - 09/01/2009|23:45 - Option : [1]
      2 - "D:\ToolBar SD\TB_2.txt" - 10/01/2009|15:01 - Option : [1]
      3 - "D:\ToolBar SD\TB_3.txt" - 10/01/2009|15:10 - Option : [2]
      4 - "D:\ToolBar SD\TB_4.txt" - 10/01/2009|17:59 - Option : [1]

      -----------\\ Fin du rapport a 17:59:37,53


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:02:01, on 10/01/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      D:\WINDOWS\ATKKBService.exe
      D:\Program Files\Java\jre6\bin\jqs.exe
      D:\WINDOWS\System32\nvsvc32.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\System32\wbem\wmiapsrv.exe
      D:\WINDOWS\system32\WgaTray.exe
      D:\WINDOWS\Explorer.EXE
      D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      D:\Program Files\Java\jre6\bin\jusched.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      D:\WINDOWS\system32\RUNDLL32.EXE
      D:\Program Files\Logitech\Video\LogiTray.exe
      D:\WINDOWS\system32\ctfmon.exe
      D:\WINDOWS\System32\LVComS.exe
      D:\Program Files\MSN Messenger\msnmsgr.exe
      D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      D:\Program Files\Messenger\msmsgs.exe
      D:\WINDOWS\system32\rundll32.exe
      D:\Documents and Settings\Mamet\Bureau\JEAN.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
      O2 - BHO: (no name) - {2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7} - (no file)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {62761C2C-8EA6-451B-A658-B49DB743189E} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8177813A-E778-4D08-8EDA-2E59B28C9964} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {A55023C7-13C7-468C-B15A-5FDE29185907} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: (no name) - {B73F3E9D-4864-44FC-A2A6-5B3993E427E2} - (no file)
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [382b1e54] rundll32.exe "D:\WINDOWS\System32\cqfwaftt.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
      O20 - AppInit_DLLs: mabajf.dll mkyscq.dll poioks.dll
      O20 - Winlogon Notify: rqRLeeBQ - D:\WINDOWS\
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu n'as pas viré ce qui a été trouvé par malwarebyte! vire tout!

    (No action taken.)

    _______________

    analyse ces fihciers sur virus total et dis moi lesquels sont infectés: https://www.virustotal.com/gui/

    d:\windows\system32\poioks.dll
    d:\windows\system32\jjdktvhi.dll
    d:\windows\system32\ttfawfqc.ini
    d:\windows\system32\mkyscq.dll
    d:\windows\system32\gpnkylva.dll
    d:\windows\system32\ynqernvd.ini
    d:\windows\system32\lvqevsoh.dll
    d:\windows\system32\igdjxa.dll
    d:\windows\system32\vtwniopc.ini

    ___________

    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :files
    d:\program files\AskSBar
    d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. uncleone
       
      bonjour jlpjlp,
      les fichiers analysés sont tous infectés
      je te joins le rapport de old timer

      ========== FILES ==========
      File/Folder d:\program files\AskSBar not found.
      File/Folder d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL not found.
      ========== REGISTRY ==========
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}\ not found.
      Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\\ not found.
      Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs deleted successfully.

      OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01112009_105627

      bon dimanche
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    ____________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Collect::
    d:\windows\system32\poioks.dll
    d:\windows\system32\jjdktvhi.dll
    d:\windows\system32\ttfawfqc.ini
    d:\windows\system32\mkyscq.dll
    d:\windows\system32\gpnkylva.dll
    d:\windows\system32\ynqernvd.ini
    d:\windows\system32\lvqevsoh.dll
    d:\windows\system32\igdjxa.dll
    d:\windows\system32\vtwniopc.ini

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  15. uncleone
     
    j'ai tout fait voila les logs

    ComboFix 08-12-31.01 - Mamet 2009-01-11 11:32:50.3 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502.264 [GMT 1:00]
    Lancé depuis: d:\documents and settings\Mamet\Bureau\ComboFix.exe
    Commutateurs utilisés :: d:\documents and settings\Mamet\Bureau\CFscript.txt
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .
    - Mode FONCTIONNALITES REDUITES -
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\windows\system32\gpnkylva.dll
    d:\windows\system32\igdjxa.dll
    d:\windows\system32\jjdktvhi.dll
    d:\windows\system32\lvqevsoh.dll
    d:\windows\system32\ttfawfqc.ini
    d:\windows\system32\ynqernvd.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-11 10:56 . 2009-01-11 10:56 <REP> d-------- D:\_OTMoveIt
    2009-01-11 10:35 . 2009-01-11 10:35 <REP> d-------- d:\windows\system32\CatRoot_bak
    2009-01-09 23:43 . 2009-01-09 23:43 <REP> d-------- D:\ToolBar SD
    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- D:\rsit
    2009-01-08 22:29 . 2009-01-08 22:29 <REP> d-------- d:\program files\trend micro
    2009-01-08 18:21 . 2008-04-11 19:51 683,520 --------- d:\windows\system32\dllcache\inetcomm.dll
    2009-01-08 18:18 . 2008-10-03 11:17 247,326 --------- d:\windows\system32\dllcache\strmdll.dll
    2009-01-07 23:31 . 2009-01-07 23:31 <REP> d-------- d:\documents and settings\LocalService\Menu Démarrer
    2009-01-07 22:42 . 2004-08-20 00:09 221,184 --a------ d:\windows\system32\wmpns.dll
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\provisioning
    2009-01-07 22:40 . 2009-01-07 22:40 <REP> d-------- d:\windows\peernet
    2009-01-07 22:38 . 2009-01-07 22:38 <REP> d-------- d:\windows\ServicePackFiles
    2009-01-07 22:31 . 2009-01-07 22:31 <REP> d-------- d:\windows\EHome
    2009-01-07 21:05 . 2002-04-15 21:11 67,866 --------- d:\windows\system32\drivers\netwlan5.img
    2009-01-07 21:05 . 2004-08-19 16:10 11,776 --------- d:\windows\system32\spnpinst.exe
    2009-01-07 21:05 . 2004-08-02 14:20 7,208 --------- d:\windows\system32\secupd.sig
    2009-01-07 21:05 . 2004-08-02 14:20 4,569 --------- d:\windows\system32\secupd.dat
    2009-01-07 20:14 . 2003-02-28 16:34 313,856 --a------ d:\windows\system32\dx3j.dll
    2009-01-07 20:14 . 2003-02-28 18:26 286,992 --a------ d:\windows\system32\vmhelper.dll
    2009-01-07 20:14 . 2003-02-28 18:26 171,792 --a------ d:\windows\system32\wjview.exe
    2009-01-07 20:14 . 2003-02-28 18:26 171,280 --a------ d:\windows\system32\jit.dll
    2009-01-07 20:14 . 2003-02-28 18:26 139,536 --a------ d:\windows\system32\javaee.dll
    2009-01-07 20:14 . 2003-02-28 18:26 46,352 --a------ d:\windows\setdebug.exe
    2009-01-07 20:14 . 2003-02-28 16:54 7,315 --a------ d:\windows\system32\javasup.vxd
    2009-01-07 20:14 . 2003-02-28 16:35 6,550 --a------ d:\windows\jautoexp.dat
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedon.reg
    2009-01-07 20:14 . 2003-02-28 16:38 113 --a------ d:\windows\system32\zonedoff.reg
    2009-01-07 20:13 . 2003-02-28 18:26 947,472 --a------ d:\windows\system32\msjava.dll
    2009-01-07 20:13 . 2003-02-28 18:26 404,752 --a------ d:\windows\system32\javart.dll
    2009-01-07 20:13 . 2003-02-28 18:26 187,152 --a------ d:\windows\system32\javacypt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 172,304 --a------ d:\windows\system32\jview.exe
    2009-01-07 20:13 . 2003-02-28 18:26 154,384 --a------ d:\windows\system32\msawt.dll
    2009-01-07 20:13 . 2003-02-28 18:26 63,248 --a------ d:\windows\system32\javaprxy.dll
    2009-01-07 20:13 . 2003-02-28 18:26 49,424 --a------ d:\windows\system32\clspack.exe
    2009-01-07 20:13 . 2003-02-28 18:26 21,264 --a------ d:\windows\system32\msjdbc10.dll
    2009-01-07 20:13 . 2003-02-28 18:26 15,120 --a------ d:\windows\system32\jdbgmgr.exe
    2009-01-07 19:40 . 2009-01-07 18:36 102,664 --a------ d:\windows\system32\drivers\tmcomm.sys
    2009-01-07 18:36 . 2009-01-07 18:36 <REP> d-------- d:\documents and settings\Mamet\.housecall6.6
    2009-01-07 16:02 . 2006-04-20 12:51 359,808 --------- d:\windows\system32\dllcache\tcpip.sys
    2009-01-07 15:55 . 2005-09-01 02:43 19,968 --a------ d:\windows\system32\linkinfo.dll
    2009-01-07 15:51 . 2004-08-20 00:09 102,912 --a------ d:\windows\system32\cscdll.dll
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --a------ d:\windows\system32\hhctrl.ocx
    2009-01-07 15:50 . 2006-07-14 16:27 546,304 --------- d:\windows\system32\dllcache\hhctrl.ocx
    2009-01-07 15:50 . 2005-07-08 17:28 249,344 --a------ d:\windows\system32\tapisrv.dll
    2009-01-07 15:47 . 2006-07-13 14:36 8,509,952 --------- d:\windows\system32\dllcache\shell32.dll
    2009-01-07 15:47 . 2004-08-20 00:09 716,800 --a------ d:\windows\system32\sxs.dll
    2009-01-07 15:47 . 2004-11-17 18:42 354,304 --a------ d:\windows\system32\hypertrm.dll
    2009-01-07 15:47 . 2004-08-20 00:09 88,064 --a------ d:\windows\system32\fldrclnr.dll
    2009-01-07 15:43 . 2006-08-25 16:51 617,472 --------- d:\windows\system32\dllcache\comctl32.dll
    2009-01-07 15:41 . 2006-08-16 10:37 225,664 --------- d:\windows\system32\dllcache\tcpip6.sys
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --------- d:\windows\system32\dllcache\6to4svc.dll
    2009-01-07 15:41 . 2006-08-16 12:59 100,352 --a------ d:\windows\system32\6to4svc.dll
    2009-01-07 15:41 . 2004-08-20 00:10 88,576 --a------ d:\windows\system32\netsh.exe
    2009-01-07 15:41 . 2004-08-20 00:09 82,944 --a------ d:\windows\system32\ws2_32.dll
    2009-01-07 15:41 . 2004-08-20 00:09 59,904 --a------ d:\windows\system32\ipv6mon.dll
    2009-01-07 15:41 . 2004-08-20 00:09 53,760 --a------ d:\windows\system32\ipv6.exe
    2009-01-07 15:41 . 2004-08-20 00:09 33,280 --a------ d:\windows\system32\inetmib1.dll
    2009-01-07 15:41 . 2004-08-20 00:09 14,336 --a------ d:\windows\system32\wship6.dll
    2009-01-07 15:41 . 2004-08-04 07:03 12,416 --a------ d:\windows\system32\drivers\tunmp.sys
    2009-01-07 15:40 . 2005-10-20 23:25 1,097,728 --a------ d:\windows\system32\esent.dll
    2009-01-07 15:40 . 2005-01-11 02:01 128,512 --a------ d:\windows\system32\dllcache\dhtmled.ocx
    2009-01-07 15:40 . 2005-04-22 06:08 57,344 --a------ d:\windows\system32\dllcache\agentdpv.dll
    2009-01-07 15:26 . 2006-03-17 01:38 28,672 --a------ d:\windows\system32\verclsid.exe
    2009-01-07 15:24 . 2008-09-04 17:45 1,106,944 --a------ d:\windows\system32\msxml3.dll
    2009-01-07 15:24 . 2005-08-22 19:35 197,632 --a------ d:\windows\system32\netman.dll
    2009-01-07 15:23 . 2006-09-04 07:12 1,494,528 --------- d:\windows\system32\dllcache\shdocvw.dll
    2009-01-07 15:23 . 2008-10-15 17:59 332,800 --------- d:\windows\system32\dllcache\netapi32.dll
    2009-01-07 15:22 . 2005-06-29 02:49 74,240 --a------ d:\windows\system32\mscms.dll
    2009-01-07 15:21 . 2005-06-15 18:50 295,936 --a------ d:\windows\system32\kerberos.dll
    2009-01-07 15:21 . 2005-08-23 04:39 124,928 --a------ d:\windows\system32\umpnpmgr.dll
    2009-01-07 15:21 . 2006-01-04 04:35 68,096 --a------ d:\windows\system32\webclnt.dll
    2009-01-07 15:20 . 2004-08-20 00:09 388,096 --a------ d:\windows\system32\ipsmsnap.dll
    2009-01-07 15:20 . 2004-08-20 00:09 361,472 --a------ d:\windows\system32\ipsecsnp.dll
    2009-01-07 15:20 . 2004-08-20 00:09 267,776 --a------ d:\windows\system32\oakley.dll
    2009-01-07 15:20 . 2004-08-20 00:09 184,320 --a------ d:\windows\system32\ipsecsvc.dll
    2009-01-07 15:20 . 2006-06-22 11:48 181,248 --------- d:\windows\system32\dllcache\rasmans.dll
    2009-01-07 15:20 . 2004-08-20 00:09 106,496 --a------ d:\windows\system32\polstore.dll
    2009-01-07 15:20 . 2004-08-20 00:09 32,768 --a------ d:\windows\system32\winipsec.dll
    2009-01-07 15:12 . 2009-01-07 15:12 <REP> d-------- d:\windows\system32\bits
    2009-01-07 15:11 . 2006-06-26 18:41 8,192 --------- d:\windows\system32\dllcache\rasadhlp.dll
    2009-01-07 15:07 . 2008-10-16 14:08 27,672 --a------ d:\windows\system32\wuapi.dll.mui
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\program files\SUPERAntiSpyware
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\Mamet\Application Data\SUPERAntiSpyware.com
    2009-01-07 14:22 . 2009-01-07 14:22 <REP> d-------- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-07 01:07 . 2009-01-07 01:07 268 --ah----- D:\sqmdata19.sqm
    2009-01-07 01:07 . 2009-01-07 01:07 244 --ah----- D:\sqmnoopt19.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 268 --ah----- D:\sqmdata18.sqm
    2009-01-07 00:04 . 2009-01-07 00:04 244 --ah----- D:\sqmnoopt18.sqm
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\program files\Malwarebytes' Anti-Malware
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\Mamet\Application Data\Malwarebytes
    2009-01-06 21:53 . 2009-01-06 21:53 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-06 21:53 . 2008-06-28 14:16 34,296 --a------ d:\windows\system32\drivers\mbamcatchme.sys
    2009-01-06 21:53 . 2008-06-28 14:16 17,144 --a------ d:\windows\system32\drivers\mbam.sys
    2009-01-06 21:46 . 2009-01-06 21:46 268 --ah----- D:\sqmdata17.sqm
    2009-01-06 21:46 . 2009-01-06 21:46 244 --ah----- D:\sqmnoopt17.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 268 --ah----- D:\sqmdata16.sqm
    2009-01-06 21:17 . 2009-01-06 21:17 244 --ah----- D:\sqmnoopt16.sqm
    2008-12-30 18:21 . 2008-12-30 18:21 <REP> d-------- D:\VundoFix Backups
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d--h----- d:\documents and settings\Administrateur\Modèles
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Mes documents
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Favoris
    2008-12-30 17:50 . 2006-08-17 23:10 <REP> d-------- d:\documents and settings\Administrateur\Bureau
    2008-12-30 17:50 . 2008-12-30 17:50 <REP> d-------- d:\documents and settings\Administrateur
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\program files\Avira
    2008-12-30 15:42 . 2008-12-30 15:42 <REP> d-------- d:\documents and settings\All Users\Application Data\Avira
    2008-12-30 15:25 . 2008-12-30 15:25 <REP> d-------- d:\program files\SpywareBlaster
    2008-12-30 15:25 . 2008-12-30 15:26 <REP> d-------- d:\documents and settings\All Users\Application Data\TEMP
    2008-12-29 18:31 . 2008-06-19 17:24 28,544 --a------ d:\windows\system32\drivers\pavboot.sys
    2008-12-29 18:30 . 2008-12-29 18:30 <REP> d-------- d:\program files\Panda Security
    2008-12-29 17:34 . 2008-12-29 17:34 <REP> d--hs---- D:\FOUND.005
    2008-12-28 14:09 . 2008-12-28 14:09 <REP> d--hs---- D:\FOUND.004
    2008-12-25 22:23 . 2008-12-25 22:23 <REP> d--hs---- D:\FOUND.003
    2008-12-25 01:04 . 2008-12-25 01:04 <REP> d-------- d:\program files\Alwil Software
    2008-12-25 01:04 . 2003-03-18 21:20 1,060,864 --a------ d:\windows\system32\MFC71.dll
    2008-12-24 19:14 . 2008-12-24 19:14 120 ---hs---- d:\windows\system32\vtwniopc.ini
    2008-12-23 21:08 . 2008-12-23 21:08 126,464 --a------ d:\windows\system32\axfulrdo.dll
    2008-12-23 19:12 . 2008-12-23 19:12 120 ---hs---- d:\windows\system32\sqvvaomb.ini
    2008-12-23 19:10 . 2008-12-23 21:41 560,829 --ahs---- d:\windows\system32\deMooUtv.ini
    2008-12-18 18:19 . 2008-12-18 18:19 <REP> d-------- d:\program files\Spybot - Search & Destroy
    2008-12-18 18:19 . 2008-12-18 18:19 <REP> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-18 17:44 . 2008-12-18 17:44 410,984 --a------ d:\windows\system32\deploytk.dll
    2008-12-18 15:24 . 2008-12-18 15:24 268 --ah----- D:\sqmdata15.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 13:59 421 ----a-w d:\program files\Raccourci vers SUPERAntiSpyware.lnk
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
    2008-10-16 13:12 202,776 ----a-w d:\windows\system32\wuweb.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w d:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
    2008-10-16 13:07 208,744 ----a-w d:\windows\system32\muweb.dll
    2008-10-16 13:06 268,648 ----a-w d:\windows\system32\mucltui.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-09_18.15.28,51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-11 10:11:30 16,384 ----a-w d:\windows\Temp\Perflib_Perfdata_738.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-20 15360]
    "msnmsgr"="d:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-20 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelAudioStudio"="d:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-07 9129984]
    "NvCplDaemon"="d:\windows\System32\NvCpl.dll" [2007-06-29 8466432]
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "Adobe Photo Downloader"="d:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
    "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NvMediaCenter"="d:\windows\System32\NvMcTray.dll" [2007-06-29 81920]
    "LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "382b1e54"="d:\windows\System32\cqfwaftt.dll" [BU]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 d:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2007-06-29 d:\windows\system32\nwiz.exe]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 d:\windows\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
    "Picasa Media Detector"="d:\picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

    d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - d:\microsoft office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLeeBQ]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_SZ msv1_0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\MSN Messenger\\livecall.exe"=

    R0 avgntmgr;avgntmgr;d:\windows\system32\DRIVERS\avgntmgr.sys [2008-12-30 22336]
    R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2008-12-29 28544]
    R1 avgntdd;avgntdd;d:\windows\system32\DRIVERS\avgntdd.sys [2008-12-30 45376]
    S3 FLASHSYS;FLASHSYS;\??\d:\windows\System32\DRIVERS\FLASHSYS.sys []
    S3 WEBNTACCESS;WEBNTACCESS;\??\d:\windows\System32\NTACCESS.SYS []

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-07 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

    2009-01-11 d:\windows\Tasks\bdlexcsv.job
    - d:\windows\system32\rundll32.exe [2004-08-20 00:10]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
    BHO-{2AA73D68-D53D-41DD-A9A3-0D93EF8C1BD7} - (no file)
    BHO-{62761C2C-8EA6-451B-A658-B49DB743189E} - (no file)
    BHO-{8177813A-E778-4D08-8EDA-2E59B28C9964} - (no file)
    BHO-{A55023C7-13C7-468C-B15A-5FDE29185907} - (no file)
    BHO-{B73F3E9D-4864-44FC-A2A6-5B3993E427E2} - (no file)

    .
    ------- Examen supplémentaire -------
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites

    O16 -: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
    d:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
    d:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 11:33:09
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-2052111302-1645522239-725345543-1003
    "*"=dword:00000004

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security="Inherited"
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-2052111302-1645522239-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
    @Owner=S-1-5-21-2052111302-1645522239-725345543-1003
    @Allowed: (Full) (S-1-5-21-2052111302-1645522239-725345543-1003)
    @Allowed: (Full) (S-1-5-21-2052111302-1645522239-725345543-1003)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (LocalSystem)
    @Allowed: (Full) (Administrators)
    @Allowed: (Full) (Administrators)
    @Allowed: (Read) (S-1-5-12)
    @Allowed: (Read) (S-1-5-12)
    "*"=dword:00000004

    [HKEY_USERS\S-1-5-21-2052111302-1645522239-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security="Inherited"
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Owner=S-1-5-21-2052111302-1645522239-725345543-1003
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
    @Security="Inherited"
    "*"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\€*NULL*À`Ò*NULL*]
    @Security="Inherited"
    "DisplayName"="?\11?\11??"
    "DeviceDesc"="?\11?\11??"
    "ProviderName"="???\11?\1f?\11??"
    "MFG"="?"
    "ReinstallString"="8.201.0.0"
    "DeviceInstanceIds"=multi:"d:\\ati\\5-12_xp-2k_dd_ccc_wdm_enu_28472\\driver\\2kxp_inf\\cx_28472.inf\[u]0[/u]0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:ôwjY*NULL*]
    @Security="Inherited"
    "DisplayName"="???\17?\11\[u]0[/u]9"
    "DeviceDesc"="???\17?\11\[u]0[/u]9"
    "ProviderName"="?\16?\11?\16?\11??"
    "MFG"="???????"
    "ReinstallString"=".10.1000.5"
    "DeviceInstanceIds"=multi:"d:\\progra~1\\setupf~1\\atisys~1.191\\sbdrv\\smbus\\smbusati.inf\[u]0[/u]0"
    .
    Heure de fin: 2009-01-11 11:34:21
    ComboFix-quarantined-files.txt 2009-01-11 10:34:20
    ComboFix3.txt 2009-01-09 17:16:42
    ComboFix2.txt 2009-01-10 14:07:30

    Avant-CF: 9 046 589 440 octets libres
    Après-CF: 9,036,267,520 octets libres

    307 --- E O F --- 2009-01-09 00:06:22

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:36, on 11/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ATKKBService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\LVComS.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\notepad.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Mamet\Bureau\JEAN.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [382b1e54] rundll32.exe "D:\WINDOWS\System32\cqfwaftt.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
    O20 - Winlogon Notify: rqRLeeBQ - D:\WINDOWS\
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    on approche :)

    ______________

    vire cette tache plannifiée: si presente en allant dans poste de travail puis D puis WINDIOWS puis TASKS

    bdlexcsv.job

    ___________________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    d:\windows\System32\cqfwaftt.dl
    d:\windows\Tasks\bdlexcsv.job
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "382b1e54"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ______________________

    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    mettre à jour adobe reader
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    Mettre a jour java:

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.
    ______________________

    ensuite cette fois refais un hijakchits et mets en un neuf car tu me mets toujours le même (du 9/1/9) alors cela fait trainer!
    0
  17. uncleone
     
    c'est reparti (quuelle patience) Java était dèja à jour et Ie7 ne veut pas se'installer (pb avec VGA)
    j'ai l'impression en consultant le log de HJT que lezs BHO bizares sont revenues

    JavaRa 1.13 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Jan 11 19:18:20 2009

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: Software\JavaSoft\Java2D\1.6.0_02

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    ------------------------------------

    Finished reporting.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19:29, on 11/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\ATKKBService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\WgaTray.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\WINDOWS\System32\LVComS.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Documents and Settings\Mamet\Bureau\JEAN.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "D:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O20 - Winlogon Notify: rqRLeeBQ - D:\WINDOWS\
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    0
  18. uncleone Messages postés 19 Statut Membre
     
    je viens de faire un scan SD il ne trouve rien!!!
    je fais désactivation restauration et réactivation ?
    je te laisse vérifier les logs avant
    merci
    0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    relance hijakchtis, fais : do a system scan only et fix ces lignes (fix cheked)

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O20 - Winlogon Notify: rqRLeeBQ - D:\WINDOWS\

    ______________________

    pour virer ce qui a été utilisé:

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    ______________________

    lance Zeb restore puis essaye de reparer internet et retente de mettre a jour internet explorer, si impossible ne lutilise plus mais garde le pour que windows se mette a jour

    http://telechargement.zebulon.fr/zeb-restore.html
    ______________________

    naviguer avec firefox ou safari ou opera et non internet explorer car tu ne peux plus le mettre a jour apparement!

    http://www.mozilla-europe.org/fr/products/firefox/

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR ou AVG8 ou (AVAST )
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
    WINDOWS DEFENDER ou SPYWARE TERMINATOR

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    0
    1. uncleone Messages postés 19 Statut Membre
       
      ai fait un scan SD ce matin de nouveau virtumonde.prx dans le registre réglages autorun
      la roche tarpéienne est près du Capitole..
      0
    2. uncleone Messages postés 19 Statut Membre
       
      j'ai refait toute une procédure
      Malwarebytes suppression de vundo
      combofix suppression de ...cqfwafft et de la lige duregistre HKLM...382b1e54
      et les BHO no name qui étaiet revenues
      virtumonde se régénère.
      A quoi sert sur la clef de registre HKLM\...\Run D:\windows....\cqfwaftt 'b l'indice 'b qui se trouve au bout de la ligne?
      a t'il une incidence sur la renaissance du malware ?
      faut-il exécuter les déminages 'sans échec' et en ayant désactiver la restauration ?
      je poste les derniers logs

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:25:37, on 13/01/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      D:\WINDOWS\ATKKBService.exe
      D:\Program Files\Java\jre6\bin\jqs.exe
      D:\WINDOWS\System32\nvsvc32.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\System32\wbem\wmiapsrv.exe
      D:\WINDOWS\system32\wscntfy.exe
      D:\WINDOWS\system32\WgaTray.exe
      D:\WINDOWS\Explorer.EXE
      D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      D:\WINDOWS\system32\RUNDLL32.EXE
      D:\Program Files\Logitech\Video\LogiTray.exe
      D:\WINDOWS\system32\ctfmon.exe
      D:\Program Files\MSN Messenger\msnmsgr.exe
      D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      D:\Program Files\Messenger\msmsgs.exe
      D:\WINDOWS\System32\LVComS.exe
      D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      D:\Documents and Settings\Mamet\Bureau\JEAN.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [382b1e54] rundll32.exe "D:\WINDOWS\System32\cqfwaftt.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
      0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais ceci:

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    d:\windows\System32\cqfwaftt.dll
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "382b1e54"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "382b1e54"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    et remets un rapport hijakchits
    0
    1. uncleone
       
      toujours en mode normal
      voila les logs mais la bête est toujours là

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:12:25, on 13/01/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      D:\WINDOWS\ATKKBService.exe
      D:\Program Files\Java\jre6\bin\jqs.exe
      D:\WINDOWS\System32\nvsvc32.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\system32\wscntfy.exe
      D:\WINDOWS\System32\wbem\wmiapsrv.exe
      D:\WINDOWS\system32\WgaTray.exe
      D:\WINDOWS\Explorer.EXE
      D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
      D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      D:\WINDOWS\system32\RUNDLL32.EXE
      D:\Program Files\Logitech\Video\LogiTray.exe
      D:\WINDOWS\system32\ctfmon.exe
      D:\Program Files\MSN Messenger\msnmsgr.exe
      D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      D:\WINDOWS\System32\LVComS.exe
      D:\Program Files\Messenger\msmsgs.exe
      D:\Documents and Settings\Mamet\Bureau\JEAN.exe
      D:\WINDOWS\system32\wuauclt.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
      O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [382b1e54] rundll32.exe "D:\WINDOWS\System32\cqfwaftt.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
      0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    relance hijakchits, fais do a system scan only et fix cette ligne (fix cheked)

    O4 - HKLM\..\Run: [382b1e54] rundll32.exe "D:\WINDOWS\System32\cqfwaftt.dll",b

    télécharge OTMoveIt

    sur https://www.luanagames.com/index.fr.html

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54
    D:\WINDOWS\System32\cqfwaftt.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _____________________

    remets un rapport hijakchits ou RSIt

    dis nous comment se comporte ton pc? encore des pubs?...
    0
    1. uncleone
       
      ça ne marche pas , la bête s'agrippe

      Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan> in the current context!
      Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\382b1e54> in the current context!
      Error: Unable to interpret <D:\WINDOWS\System32\cqfwaftt.dll> in the current context!

      OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_144505
      0
  • 1
  • 2