An analysis with HijackThis, thanks

Solved/Closed
sophiline Posts: 1736 Registration date: Monday 10 November 2003 Status: Member Last activity: 3 January 2024 - 9 Feb. 2008 at 00:57
sophiline Posts: 1736 Registration date: Monday 10 November 2003 Status: Member Last activity: 3 January 2024 - 24 Feb. 2008 at 12:32
Hello,

I've just had a problem with my computer: I had a few Trojan horses. I think I've removed them, but to be sure, could you tell me whether things look OK in HijackThis?
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 00:51:25, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared\a2free.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - C:\WINDOWS\system32\urqnoom.dll
O2 - BHO: (no name) - {F40A5DAA-67B1-4494-990B-D792F04A0169} - C:\WINDOWS\system32\awtst.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSNAgent] C:\DOCUME~1\Sophie\LOCALS~1\Temp\winCB.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: urqnoom - C:\WINDOWS\SYSTEM32\urqnoom.dll
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SrvDrive - {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
O21 - SSODL: zip - {dd80802b-dfe5-41ec-93eb-0a0cf0494c80} - C:\WINDOWS\Installer\{dd80802b-dfe5-41ec-93eb-0a0cf0494c80}\zip.dll
O21 - SSODL: RunOnceSetup - {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

46 replies

Le sioux Posts: 4894 Registration date: Sunday 27 May 2007 Status: Security contributor Last activity: 6 March 2023 496
9 Feb. 2008 at 01:11
Good evening Sophieline

There's still some left...

1) Download

* Combofix.exe by sUBs to your Desktop

--> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Don't touch it for now.

* VundoFix.exe by Atribune --> http://www.atribune.org/content/view/24/2/ to your Desktop.

2) VundoFix.exe by Atribune

* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is finished, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt announcing that your PC is going to restart; click OK

Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

3) Combofix.exe by sUBs

Disconnect from the internet and disable your antivirus so that Combofix can run normally

Double-click Combofix.exe
Set it to French (F)
Press the 1 key (Yes) to start the scan
When the scan is finished, a report will appear.

4) Reports:

Post in reply:

* The VundoFix report located at C:\vundofix.txt
* The ComboFix report, which is located here: C:\Combofix.txt+
* A new HijackThis report.

To be continued
sophiline Posts: 1736 Registration date: Monday 10 November 2003 Status: Member Last activity: 3 January 2024 55
9 Feb. 2008 at 09:29
Hello

I had a lot of trouble getting this to post on the forum

Thanks for helping me. It really wasn't easy to run these scans; on top of that, Spybot did an update and it now tells me that a registry key has been modified and asks whether to accept the change or not. I don't understand any of it, because it wasn't like that before. So here is the scan report

I'll send it in two parts. This report is fine, but for the other one I can't find C:/Combofix.txt+, so I'm giving you what I found, but I'm not sure


VundoFix V6.7.8

Checking Java version...

Scan started at 08:12:33 09/02/2008

Listing files found while scanning....

C:\windows\system32\awtst.dll
C:\WINDOWS\system32\jkkijjg.dll
C:\WINDOWS\system32\opnllkk.dll
C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini2
C:\WINDOWS\system32\urqnoom.dll
C:\WINDOWS\system32\winjgf32.dll

Beginning removal...

Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkijjg.dll
C:\WINDOWS\system32\jkkijjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnllkk.dll
C:\WINDOWS\system32\opnllkk.dll Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini2
C:\windows\system32\tstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnoom.dll
C:\WINDOWS\system32\urqnoom.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\winjgf32.dll
C:\WINDOWS\system32\winjgf32.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqnoom.dll
C:\WINDOWS\system32\urqnoom.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Scan started at 08:35:11 09/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\urqnoom.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqnoom.dll
C:\WINDOWS\system32\urqnoom.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqnoom.dll
C:\WINDOWS\system32\urqnoom.dll Could not be deleted.

Performing Repairs to the registry.
Done!
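The cross-check a helper does by eye on the two reports above, written out as an added example that is not part of the original posts: it matches the files in the VundoFix report against the load points in the HijackThis log and shows which ones are still on disk. The sample inputs are constructed from lines of the two logs in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - C:\WINDOWS\system32\urqnoom.dll
O2 - BHO: (no name) - {F40A5DAA-67B1-4494-990B-D792F04A0169} - C:\WINDOWS\system32\awtst.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: urqnoom - C:\WINDOWS\SYSTEM32\urqnoom.dll
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
"""

# Constructed sample: lines copied from the VundoFix report posted in this thread.
VUNDOFIX_SAMPLE = r"""
Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnoom.dll
C:\WINDOWS\system32\urqnoom.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\winjgf32.dll
C:\WINDOWS\system32\winjgf32.dll Has been deleted!
"""

# "<path> Has been deleted!" / "<path> Could not be deleted." result lines.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)\s*$"
)
# HijackThis entries start with a section code such as R0, O2, O20, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.*)$")
# File path inside an entry, up to the last .dll/.exe/.sys on the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*\.(?:dll|exe|sys)", re.IGNORECASE)


def parse_vundofix(report):
    """Return {lower-cased path: 'deleted' | 'remaining'}; the last attempt wins."""
    status = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            deleted = m.group("result").startswith("Has been")
            status[m.group("path").lower()] = "deleted" if deleted else "remaining"
    return status


def parse_hijackthis(log):
    """Yield (section, lower-cased file path) for every entry that names a file."""
    for line in log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        path = PATH_RE.search(entry.group("rest"))
        if path:
            yield entry.group("section"), path.group(0).lower()


def correlate(hijackthis_log, vundofix_report):
    """List (section, path, status) for load points whose file VundoFix handled.

    Paths are compared case-insensitively (SYSTEM32 vs system32). Entries that
    use 8.3 short names (PROGRA~1) only match if the report uses the same form.
    """
    status = parse_vundofix(vundofix_report)
    return [
        (section, path, status[path])
        for section, path in parse_hijackthis(hijackthis_log)
        if path in status
    ]


if __name__ == "__main__":
    for section, path, state in correlate(HIJACKTHIS_SAMPLE, VUNDOFIX_SAMPLE):
        print(f"{section:<4} {state:<9} {path}")
```

An entry reported as `remaining` is a load point whose file is still on disk; a fresh HijackThis log shows whether the registry side was repaired.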
sophiline Posts: 1736 Registration date: Monday 10 November 2003 Status: Member Last activity: 3 January 2024 55
9 Feb. 2008 at 09:41
OK, I ran another scan with ComboFix and this time it should be right, because the report appeared automatically. And yes, it's Spybot's resident module that asks me to modify this or that; could you tell me more about it? Since the latest Spybot update I've been lost with this resident module



ComboFix 08-02.05.3 - Sophie 2008-02-09 9:32:54.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.579 [GMT 1:00]
Endroit: C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\urqnoom.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))))))
.

2008-02-09 08:12 . 2008-02-09 08:51 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:00 . 2008-02-09 07:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 07:51 . 2008-02-09 07:51 12,288 --a------ C:\Program Files\tmp580984.exe
2008-02-09 07:51 . 2008-02-09 07:51 12,288 --a------ C:\Program Files\tmp580531.exe
2008-02-09 07:51 . 2008-02-09 07:51 8,373 --a------ C:\Program Files\tmp578359.exe
2008-02-09 07:51 . 2008-02-09 07:51 8,373 --a------ C:\Program Files\tmp578343.exe
2008-02-09 00:42 . 2008-02-09 00:57 <REP> d-------- C:\Program Files\a-squared
2008-02-08 23:56 . 2008-02-09 07:58 <REP> d-------- C:\Program Files\SpywareBlaster
2008-02-08 23:52 . 2008-02-08 23:56 <REP> d-------- C:\Program Files\SpywareBlaster(2)
2008-02-08 23:22 . 2008-02-08 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 22:38 . 2008-02-09 08:00 6,468 --a------ C:\WINDOWS\unins000.dat
2008-02-06 18:46 . 2008-02-06 18:46 <REP> d-------- C:\Program Files\TGTSoft(2)
2008-02-05 20:40 . 2008-02-05 20:40 <REP> d-------- C:\Program Files\TGTSoft(3)
2008-01-31 19:45 . 2008-02-08 11:38 <REP> d-------- C:\Program Files\a-squared Free(2)
2008-01-31 18:15 . 2008-01-31 18:15 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\Lavasoft
2008-01-29 20:53 . 2008-01-29 20:53 <REP> d-------- C:\Program Files\TGTSoft
2008-01-27 16:31 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\TimePanic(2)
2008-01-26 22:14 . 2008-02-08 11:37 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
2008-01-25 13:59 . 2008-01-25 13:59 <REP> d-------- C:\Program Files\Java
2008-01-25 13:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-25 13:58 . 2008-01-25 13:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-25 13:52 . 2008-01-27 12:57 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\OpenOffice.org2
2008-01-25 13:44 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-20 18:24 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\a-squared Free
2008-01-18 18:34 . 2008-01-26 22:17 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-18 17:50 . 2008-01-18 17:50 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\Jasc
2008-01-18 10:37 . 2008-01-18 10:37 <REP> d-------- C:\Program Files\Tech
2008-01-13 20:32 . 2008-02-09 09:03 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-13 18:46 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-13 18:46 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-13 18:43 . 2008-01-13 18:43 <REP> d--h----- C:\WINDOWS\PIF
2008-01-13 18:16 . 2005-10-18 20:03 3,031,040 --------- C:\WINDOWS\UNNeroVision.exe
2008-01-13 18:16 . 2006-01-24 08:33 216,540 --------- C:\WINDOWS\UNNeroVision.cfg
2008-01-13 18:15 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-13 18:14 . 2008-01-13 18:14 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-01-13 18:11 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-13 18:11 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-13 18:11 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-13 18:11 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-13 18:11 . 2006-01-12 15:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-13 18:11 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-13 18:10 . 2008-01-13 18:46 <REP> d-------- C:\Program Files\Ahead
2008-01-12 15:11 . 2008-01-12 15:11 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\Uniblue
2008-01-11 21:57 . 2008-01-13 15:11 <REP> d-------- C:\Program Files\eMule
2008-01-11 11:39 . 2008-01-11 11:39 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-11 11:39 . 2008-01-11 11:39 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-11 11:39 . 2008-01-11 11:39 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-11 11:39 . 2008-01-11 11:39 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-11 11:39 . 2008-01-11 11:39 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-11 11:25 . 2008-01-11 11:25 <REP> d-------- C:\Program Files\USB Wireless Keyboard Driver
2008-01-11 11:25 . 2004-03-02 20:24 5,576,704 --a------ C:\WINDOWS\CNYHKey.exe
2008-01-11 11:25 . 2004-12-08 17:57 550,912 --a------ C:\WINDOWS\mHotkey.exe
2008-01-11 11:25 . 2003-07-03 01:21 294,912 --a------ C:\WINDOWS\PIC.dll
2008-01-11 11:25 . 2002-08-22 01:31 201,076 --a------ C:\WINDOWS\comwarn.bmp
2008-01-11 11:25 . 2003-12-08 03:36 49,152 --a------ C:\WINDOWS\CNYUSB.dll
2008-01-11 11:25 . 2001-07-02 20:36 24,576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-01-11 11:25 . 2003-05-16 20:09 11,776 --a------ C:\WINDOWS\HIDMNT.dll
2008-01-11 11:25 . 2002-09-26 03:07 5,120 --a------ C:\WINDOWS\HKCYDLL.dll
2008-01-11 11:25 . 2004-02-24 06:36 4,577 --a------ C:\WINDOWS\mHotkey.reg
2008-01-11 11:25 . 2002-10-04 01:24 360 --a------ C:\WINDOWS\CNYHKey.ini
2008-01-11 10:28 . 2000-05-10 06:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-01-10 21:41 . 2008-01-10 21:44 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-10 20:22 . 2008-01-10 20:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-09 21:11 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-09 21:10 . 2008-01-09 21:10 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-09 21:10 . 2008-01-09 21:36 <REP> d-------- C:\Documents and Settings\Sophie\Contacts
2008-01-09 19:44 . 2008-01-09 19:44 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\HP
2008-01-09 19:43 . 2006-02-14 00:33 <REP> d--h----- C:\Documents and Settings\Jeanfi\Voisinage réseau
2008-01-09 19:43 . 2006-02-14 00:33 <REP> d--h----- C:\Documents and Settings\Jeanfi\Voisinage d'impression
2008-01-09 19:43 . 2006-02-14 02:24 <REP> d---s---- C:\Documents and Settings\Jeanfi\UserData
2008-01-09 19:43 . 2006-02-13 23:36 <REP> d--h----- C:\Documents and Settings\Jeanfi\Modèles
2008-01-09 19:43 . 2008-01-31 20:53 <REP> dr------- C:\Documents and Settings\Jeanfi\Mes documents
2008-01-09 19:43 . 2006-02-14 00:33 <REP> dr------- C:\Documents and Settings\Jeanfi\Menu Démarrer
2008-01-09 19:43 . 2008-01-10 22:57 <REP> dr------- C:\Documents and Settings\Jeanfi\Favoris
2008-01-09 19:43 . 2008-02-08 11:38 <REP> d-------- C:\Documents and Settings\Jeanfi\Bureau
2008-01-09 19:43 . 2006-02-14 01:19 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\You've Got Pictures Screensaver
2008-01-09 19:43 . 2006-02-14 06:03 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\S.A.D
2008-01-09 19:43 . 2006-02-14 00:42 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\ATI
2008-01-09 19:43 . 2006-02-14 01:19 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\AOL
2008-01-09 19:40 . 2008-01-09 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-09 19:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-09 19:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-09 19:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 08:34 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
2008-02-09 08:02 2,181,086 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-09 07:29 90,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 07:29 7,600,160 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 07:29 1,665,536 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-09 07:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 07:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 23:51 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-02-08 22:57 --------- d-----w C:\Program Files\Lavasoft
2008-02-08 22:22 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Lavasoft
2008-02-08 22:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-08 20:38 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-06 19:49 3,420 ----a-w C:\Documents and Settings\Sophie\Application Data\wklnhst.dat
2008-01-30 19:56 1,632,768 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-29 19:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-26 21:53 1,640,960 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-26 21:14 1,632,768 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-22 17:06 --------- d-----w C:\Program Files\IncrediMail
2008-01-22 16:56 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-20 07:51 1,601,536 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-18 17:42 1,582,592 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-18 17:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-18 09:31 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Image Zone Express
2008-01-14 17:35 1,545,216 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-13 17:14 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-01-13 16:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-13 08:54 --------- d-----w C:\Program Files\Avant Browser
2008-01-12 10:21 --------- d-----w C:\Program Files\a-squared Anti-Dialer
2008-01-11 10:42 --------- d-----w C:\Documents and Settings\Sophie\Application Data\AdobeUM
2008-01-11 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 20:11 --------- d-----w C:\Program Files\Windows Live
2008-01-09 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 19:56 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-01-09 18:39 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-09 18:39 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 21:58 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-08 21:09 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 21:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 19:49 --------- d-----w C:\Program Files\Yahoo!
2007-12-22 09:48 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Ahead
2007-12-21 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 09:15 32,768 ------w C:\WINDOWS\system32\MWLPS.dll
2007-12-21 09:15 --------- d-----w C:\Program Files\Wireless LAN USB Dongle
2007-12-16 10:47 82,760 ----a-w C:\Documents and Settings\Sophie\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 20:19 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Printer Info Cache
2007-12-14 19:55 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-12-13 20:01 --------- d-----w C:\Documents and Settings\Kévin\Application Data\HP
2007-12-13 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-11 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-11 19:43 --------- d-----w C:\Program Files\HP
2007-12-11 19:41 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-11 19:03 0 ----a-w C:\Documents and Settings\Kévin\Application Data\wklnhst.dat
2007-12-10 17:25 --------- d-----w C:\Program Files\Alwil Software
2007-12-10 17:19 --------- d-----w C:\Program Files\winrar3.41
2007-12-10 16:52 --------- d-----w C:\Program Files\Neuf(2)
2007-12-10 16:52 --------- d-----w C:\Documents and Settings\Sophie\Application Data\CyberLink
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2005-07-06 17:58 5,159,500 ----a-w C:\Program Files\StyleXP 3.10.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FC865E-C91C-44C6-B4E8-611D8C9886A0}]
C:\WINDOWS\system32\awtst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-20 12:21 214456]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-07-07 00:52 1359872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-21 21:33 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 13:54 357376]
"CHotkey"="mHotkey.exe" [2004-12-08 17:57 550912 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvDrive"= {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll [2008-02-08 20:50 14374]
"zip"= {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll [2008-02-09 07:51 39462]
"RunOnceSetup"= {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll [2008-02-08 21:35 14374]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless LAN USB Dongle.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Sophie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Sophie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Anti-Dialer]
--a------ 2008-01-12 11:20 1329152 C:\Program Files\a-squared Anti-Dialer\a2adguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
--a------ 2005-01-31 15:09 458752 C:\Program Files\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIMACE]
--a------ 2006-01-04 21:28 81920 C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:34 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
--a------ 2004-03-02 20:24 5576704 C:\WINDOWS\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Trust\250S Series\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-14 01:19 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-07-07 00:52 1359872 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"StyleXPService"=2 (0x2)
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"a2AntiDialer"=2 (0x2)

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-20 00:31]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-20 00:31]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-20 00:32]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-20 00:29]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-20 00:37]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-20 00:30]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-07-11 09:50]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 04:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
S4 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Documents and Settings\Sophie\Mes documents\Fichiers pour les virus\a-squared Anti-Dialer\a2service.exe" [2007-08-19 11:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01261141-a1dc-11da-a911-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06dfb941-9dce-11da-ba1b-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b774a79-a4a7-11dc-a222-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f5ec8c1-9fc0-11da-8e52-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75d83041-9fcf-11da-82ad-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fa6ef8-9ce8-11da-a584-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8a11f9-a1da-11da-9d1f-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7987141-9f6f-11da-9755-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 07:44:00 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 09:35:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
-> C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
.
Temps d'accomplissement: 2008-02-09 9:35:52
ComboFix-quarantined-files.txt 2008-02-09 08:35:49
.
2008-01-22 17:06:01 --- E O F ---

sophiline (1736 posts, joined Monday 10 November 2003, status: Member, last active 3 January 2024), 9 Feb 2008 at 10:18
Oops, I had forgotten the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 10:17:37, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - (no file)
O2 - BHO: (no name) - {A9FC865E-C91C-44C6-B4E8-611D8C9886A0} - C:\WINDOWS\system32\awtst.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSNAgent] C:\DOCUME~1\Sophie\LOCALS~1\Temp\winCB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SrvDrive - {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
O21 - SSODL: zip - {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
O21 - SSODL: RunOnceSetup - {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

sophiline (1736 posts, joined Monday 10 November 2003, status: Member, last active 3 January 2024), 9 Feb 2008 at 10:39
I also have these extra items in Program Files and I don't know what they correspond to; they are files shown as a white rectangle with a blue line on them, like downloaded files

tmp578343
tmp578349
tmp580531
tmp580984

Thanks

Le sioux (4894 posts, joined Sunday 27 May 2007, status: Security contributor, last active 6 March 2023), 9 Feb 2008 at 17:56
Good evening Sophie

I'll look at this late this evening; I'm not very available this afternoon.

To be continued

sophiline (1736 posts, joined Monday 10 November 2003, status: Member, last active 3 January 2024), 9 Feb 2008 at 19:04
OK, I'll wait, no problem

Le sioux (4894 posts, joined Sunday 27 May 2007, status: Security contributor, last active 6 March 2023), 10 Feb 2008 at 21:39
Good evening Sophieline

Sorry, I couldn't come back sooner...

Your reports raise some concerns for me:

-- HijackThis

* in O17: http://www.dnsstuff.com/tools/whois.ch?ip=86.63.145.140 and http://www.dnsstuff.com/tools/whois.ch?ip=84.103.237.140

The first looks like a redirection to Poland; the second seems legitimate??

-- ComboFix

I see Program Files folders with (2), as if you had uninstalled some of them and then reinstalled them without deleting their first folder in Program Files; several useless duplicates...

-- Let's get started:

ComboFix with CFScript:

* Select the following text (in bold) in its entirety:

Registry ::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FC865E-C91C-44C6-B4E8-611D8C9886A0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvDrive"=-
"zip"=-
"RunOnceSetup"=-

Folder::
C:\Program Files\tmp580984.exe
C:\Program Files\tmp580531.exe
C:\Program Files\tmp578359.exe
C:\Program Files\tmp578343.exe

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt

Disconnect from the internet and disable your antivirus so that ComboFix can run normally

Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop)

As shown here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* A blue window will appear: at the message Type 1 to continue, or 2 to abort, type 1 and confirm.

* Wait while the scan runs. The Desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis report

Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet.

(If the file doesn't open, it can be found here > C:\ComboFix.txt )

To be continued
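
A triage pass over HijackThis lines of the kind reviewed in the reply above, as an added example that is not part of the original thread or of HijackThis/ComboFix. It reports the three things that reply acted on: the O17 name servers to look up, the BHO whose file is missing, and the ShellServiceObjectDelayLoad DLLs under C:\WINDOWS\Installer\{GUID}\. The function name, finding labels and matching rules are assumptions chosen for illustration; the sample lines are copied from the report posted in this thread.

```python
import ipaddress
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A9FC865E-C91C-44C6-B4E8-611D8C9886A0} - C:\WINDOWS\system32\awtst.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SrvDrive - {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
O21 - SSODL: zip - {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
O21 - SSODL: RunOnceSetup - {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O21"
    kind: str     # label invented for this example
    subject: str  # CLSID, entry name or IP address
    detail: str   # target path or follow-up action


GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "<section> - <body>", e.g. "O21 - SSODL: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O2/O21 bodies: "<type>: <name> - {CLSID} - <target>". The name may itself
# contain " - ", so the CLSID is the anchor between name and target.
COM_ENTRY = re.compile(
    rf"^(?:BHO|SSODL): (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<target>.*)$"
)
# Assumed rule: a DLL sitting directly in <drive>:\WINDOWS\Installer\{GUID}\
INSTALLER_DLL = re.compile(
    rf"^[A-Za-z]:\\WINDOWS\\Installer\\{GUID}\\[^\\]+\.dll$", re.IGNORECASE
)
NAMESERVER = re.compile(r"NameServer = (?P<servers>.+)$")


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        section, body = entry["section"], entry["body"]

        if section == "O17":
            servers = NAMESERVER.search(body)
            if not servers:
                continue
            for token in re.split(r"[,\s]+", servers["servers"].strip()):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not an IP literal, nothing to look up
                findings.append(Finding(
                    section, "nameserver_to_verify", str(ip),
                    "check the owner with whois against the ISP's resolvers"))
            continue

        com = COM_ENTRY.match(body)
        if not com:
            continue
        target = com["target"]
        if section == "O2" and target.endswith("(file missing)"):
            # The BHO is still registered but its DLL is gone from disk.
            findings.append(
                Finding(section, "bho_file_missing", com["clsid"], target))
        elif section == "O21" and INSTALLER_DLL.match(target):
            findings.append(
                Finding(section, "ssodl_in_installer_dir", com["name"], target))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.kind:<24}{f.subject}  ->  {f.detail}")
```

The output is a review list only: each reported entry still has to be judged by a person before anything is removed.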
sophiline (1736 posts, joined Monday 10 November 2003, status: Member, last active 3 January 2024), 11 Feb 2008 at 19:22
OK, thank you again for your support; here are the reports


ComboFix 08-02.05.3 - Sophie 2008-02-11 19:14:46.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.447 [GMT 1:00]
Endroit: C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\tmp578343.exe\
C:\Program Files\tmp578359.exe\
C:\Program Files\tmp580531.exe\
C:\Program Files\tmp580984.exe\

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.

2008-02-10 16:06 . 2008-02-10 16:06 <REP> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-02-10 16:04 . 2008-02-10 16:04 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-09 08:12 . 2008-02-09 08:51 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:00 . 2008-02-09 07:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 07:51 . 2008-02-09 07:51 12,288 --a------ C:\Program Files\tmp580984.exe
2008-02-09 07:51 . 2008-02-09 07:51 12,288 --a------ C:\Program Files\tmp580531.exe
2008-02-09 07:51 . 2008-02-09 07:51 8,373 --a------ C:\Program Files\tmp578359.exe
2008-02-09 07:51 . 2008-02-09 07:51 8,373 --a------ C:\Program Files\tmp578343.exe
2008-02-09 00:42 . 2008-02-11 18:17 <REP> d-------- C:\Program Files\a-squared
2008-02-08 23:56 . 2008-02-09 07:58 <REP> d-------- C:\Program Files\SpywareBlaster
2008-02-08 23:52 . 2008-02-08 23:56 <REP> d-------- C:\Program Files\SpywareBlaster(2)
2008-02-08 23:22 . 2008-02-08 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 22:38 . 2008-02-09 23:28 9,478 --a------ C:\WINDOWS\unins000.dat
2008-02-06 18:46 . 2008-02-06 18:46 <REP> d-------- C:\Program Files\TGTSoft(2)
2008-02-05 20:40 . 2008-02-05 20:40 <REP> d-------- C:\Program Files\TGTSoft(3)
2008-01-31 18:15 . 2008-01-31 18:15 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\Lavasoft
2008-01-29 20:53 . 2008-01-29 20:53 <REP> d-------- C:\Program Files\TGTSoft
2008-01-27 16:31 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\TimePanic(2)
2008-01-26 22:14 . 2008-02-08 11:37 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
2008-01-25 13:59 . 2008-01-25 13:59 <REP> d-------- C:\Program Files\Java
2008-01-25 13:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-25 13:58 . 2008-01-25 13:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-25 13:52 . 2008-01-27 12:57 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\OpenOffice.org2
2008-01-25 13:44 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-20 18:24 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\a-squared Free
2008-01-18 18:34 . 2008-01-26 22:17 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-18 17:50 . 2008-01-18 17:50 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\Jasc
2008-01-18 10:37 . 2008-01-18 10:37 <REP> d-------- C:\Program Files\Tech
2008-01-13 20:32 . 2008-02-11 17:22 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-13 18:46 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-13 18:46 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-13 18:43 . 2008-01-13 18:43 <REP> d--h----- C:\WINDOWS\PIF
2008-01-13 18:16 . 2005-10-18 20:03 3,031,040 --------- C:\WINDOWS\UNNeroVision.exe
2008-01-13 18:16 . 2006-01-24 08:33 216,540 --------- C:\WINDOWS\UNNeroVision.cfg
2008-01-13 18:15 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-13 18:14 . 2008-01-13 18:14 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-01-13 18:11 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-01-13 18:11 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-01-13 18:11 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-01-13 18:11 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-01-13 18:11 . 2006-01-12 15:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-13 18:11 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-13 18:10 . 2008-01-13 18:46 <REP> d-------- C:\Program Files\Ahead
2008-01-12 15:11 . 2008-01-12 15:11 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\Uniblue
2008-01-11 21:57 . 2008-01-13 15:11 <REP> d-------- C:\Program Files\eMule
2008-01-11 11:39 . 2008-01-11 11:39 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-11 11:39 . 2008-01-11 11:39 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-11 11:39 . 2008-01-11 11:39 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-11 11:39 . 2008-01-11 11:39 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-11 11:39 . 2008-01-11 11:39 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-11 11:25 . 2008-01-11 11:25 <REP> d-------- C:\Program Files\USB Wireless Keyboard Driver
2008-01-11 11:25 . 2004-03-02 20:24 5,576,704 --a------ C:\WINDOWS\CNYHKey.exe
2008-01-11 11:25 . 2004-12-08 17:57 550,912 --a------ C:\WINDOWS\mHotkey.exe
2008-01-11 11:25 . 2003-07-03 01:21 294,912 --a------ C:\WINDOWS\PIC.dll
2008-01-11 11:25 . 2002-08-22 01:31 201,076 --a------ C:\WINDOWS\comwarn.bmp
2008-01-11 11:25 . 2003-12-08 03:36 49,152 --a------ C:\WINDOWS\CNYUSB.dll
2008-01-11 11:25 . 2001-07-02 20:36 24,576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-01-11 11:25 . 2003-05-16 20:09 11,776 --a------ C:\WINDOWS\HIDMNT.dll
2008-01-11 11:25 . 2002-09-26 03:07 5,120 --a------ C:\WINDOWS\HKCYDLL.dll
2008-01-11 11:25 . 2004-02-24 06:36 4,577 --a------ C:\WINDOWS\mHotkey.reg
2008-01-11 11:25 . 2002-10-04 01:24 360 --a------ C:\WINDOWS\CNYHKey.ini
2008-01-11 10:28 . 2000-05-10 06:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 20:13 97,916 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 20:13 8,263,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-10 16:38 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Image Zone Express
2008-02-10 15:33 --------- d-----w C:\Program Files\HP
2008-02-10 15:20 4,674 ----a-w C:\Documents and Settings\Sophie\Application Data\wklnhst.dat
2008-02-10 15:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 15:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-10 15:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 09:39 --------- d-----w C:\Program Files\DVB-Switcher (EN)
2008-02-09 09:39 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-09 09:17 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-02-09 08:02 2,181,086 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-09 07:29 1,665,536 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-08 22:57 --------- d-----w C:\Program Files\Lavasoft
2008-02-08 22:22 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Lavasoft
2008-02-08 20:38 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-30 19:56 1,632,768 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-29 19:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-26 21:53 1,640,960 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-26 21:14 1,632,768 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-22 17:06 --------- d-----w C:\Program Files\IncrediMail
2008-01-22 16:56 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-20 07:51 1,601,536 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-18 17:42 1,582,592 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-18 17:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-14 17:35 1,545,216 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-13 17:14 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-01-13 08:54 --------- d-----w C:\Program Files\Avant Browser
2008-01-12 10:21 --------- d-----w C:\Program Files\a-squared Anti-Dialer
2008-01-11 10:42 --------- d-----w C:\Documents and Settings\Sophie\Application Data\AdobeUM
2008-01-11 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-09 20:11 --------- d-----w C:\Program Files\Windows Live
2008-01-09 20:10 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-09 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 19:56 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-01-09 18:44 --------- d-----w C:\Documents and Settings\Jeanfi\Application Data\HP
2008-01-09 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-09 18:39 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-09 18:39 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 21:58 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-08 21:09 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 21:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 19:49 --------- d-----w C:\Program Files\Yahoo!
2007-12-22 09:48 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Ahead
2007-12-21 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 09:15 32,768 ------w C:\WINDOWS\system32\MWLPS.dll
2007-12-21 09:15 --------- d-----w C:\Program Files\Wireless LAN USB Dongle
2007-12-16 10:47 82,760 ----a-w C:\Documents and Settings\Sophie\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 20:19 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Printer Info Cache
2007-12-14 19:55 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-12-13 20:01 --------- d-----w C:\Documents and Settings\Kévin\Application Data\HP
2007-12-13 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-11 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-11 19:03 0 ----a-w C:\Documents and Settings\Kévin\Application Data\wklnhst.dat
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2005-07-06 17:58 5,159,500 ----a-w C:\Program Files\StyleXP 3.10.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DB30F1E-538B-4395-9E49-37C1429AB459}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FC865E-C91C-44C6-B4E8-611D8C9886A0}]
C:\WINDOWS\system32\awtst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-20 12:21 214456]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-07-07 00:52 1359872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-21 21:33 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 13:54 357376]
"CHotkey"="mHotkey.exe" [2004-12-08 17:57 550912 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvDrive"= {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll [2008-02-08 20:50 14374]
"zip"= {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll [2008-02-09 07:51 39462]
"RunOnceSetup"= {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll [2008-02-08 21:35 14374]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless LAN USB Dongle.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Sophie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Sophie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Anti-Dialer]
--a------ 2008-01-12 11:20 1329152 C:\Program Files\a-squared Anti-Dialer\a2adguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
--a------ 2005-01-31 15:09 458752 C:\Program Files\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIMACE]
--a------ 2006-01-04 21:28 81920 C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:34 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
--a------ 2004-03-02 20:24 5576704 C:\WINDOWS\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Trust\250S Series\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNAgent]
C:\DOCUME~1\Sophie\LOCALS~1\Temp\winCB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-14 01:19 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-07-07 00:52 1359872 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"StyleXPService"=2 (0x2)
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"a2AntiDialer"=2 (0x2)

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-20 00:31]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-20 00:31]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-20 00:32]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-20 00:29]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-20 00:37]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-20 00:30]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-07-11 09:50]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 04:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
S4 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Documents and Settings\Sophie\Mes documents\Fichiers pour les virus\a-squared Anti-Dialer\a2service.exe" [2007-08-19 11:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01261141-a1dc-11da-a911-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06dfb941-9dce-11da-ba1b-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b774a79-a4a7-11dc-a222-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f5ec8c1-9fc0-11da-8e52-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75d83041-9fcf-11da-82ad-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fa6ef8-9ce8-11da-a584-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8a11f9-a1da-11da-9d1f-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7987141-9f6f-11da-9755-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 07:44:00 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:16:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-11 19:16:48
ComboFix-quarantined-files.txt 2008-02-11 18:16:46
ComboFix2.txt 2008-02-09 08:35:53
.
2008-01-22 17:06:01 --- E O F ---




And the one from HijackThis



Logfile of HijackThis v1.99.1
Scan saved at 19:21:03, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - (no file)
O2 - BHO: (no name) - {A9FC865E-C91C-44C6-B4E8-611D8C9886A0} - C:\WINDOWS\system32\awtst.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SrvDrive - {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
O21 - SSODL: zip - {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
O21 - SSODL: RunOnceSetup - {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
sophiline Posts 1736 Registration date Monday 10 November 2003 Status Member Last activity 3 January 2024 55
11 Feb 2008 at 21:07
It's me again. I've caught another Trojan horse, "Win32:Small-FHL", and Avast tells me it cannot remove it because it is in use by another process, so I told Avast to do nothing. When I try to go to where the Trojan horse is, it isn't there.
0
Le sioux Posts 4894 Registration date Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 496
13 Feb 2008 at 03:36
Good evening

I had asked you to download ComboFix to your Desktop, not to C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus, and that was for a reason... throw away the copy of ComboFix in that Pour les virus folder and

Download ComboFix again, but onto your Desktop.

ComboFix with CFScript:

* Select the following text (in bold) in its entirety:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DB30F1E-538B-4395-9E49-37C1429AB459}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FC865E-C91C-44C6-B4E8-611D8C9886A0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNAgent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvDrive"=-
"zip"=-
"RunOnceSetup"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSNAgent"=-

File::
C:\Program Files\tmp580984.exe
C:\Program Files\tmp580531.exe
C:\Program Files\tmp578359.exe
C:\Program Files\tmp578343.exe
C:\DOCUME~1\Sophie\LOCALS~1\Temp\winCB.exe
C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt

Disconnect from the internet and disable your antivirus so that ComboFix can run normally.

Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop)

* A blue window will appear: at the message Type 1 to continue, or 2 to abort, type 1 and confirm.

* Wait while the scan runs. The Desktop will disappear several times: this is normal

Do not touch anything until the scan has finished.

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis report

Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the Internet.

(If the file does not open, it can be found here > C:\ComboFix.txt )

To be continued.
0
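Added example, not part of the thread or of any participant's post: a small triage pass over HijackThis lines copied from the log above, showing why entries like those named in the CFScript stand out. The two rules (a BHO whose file is absent, and an SSODL DLL loaded from an `Installer\{CLSID}` folder named after its own CLSID) are heuristics assumed for this example, not the helper's stated method.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread (scan of 11/02/2008).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - (no file)
O2 - BHO: (no name) - {A9FC865E-C91C-44C6-B4E8-611D8C9886A0} - C:\WINDOWS\system32\awtst.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SrvDrive - {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
O21 - SSODL: zip - {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
O21 - SSODL: RunOnceSetup - {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
"""

# "<section> - <kind>: <name> - {CLSID} - <target>" as seen in the O2/O21 lines.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# HijackThis marks a dangling registration with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per CLSID-bearing HijackThis line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(log_text):
    """Return (clsid, name, reason) for entries worth a manual look.

    Heuristics (assumptions of this example):
      * O2: the Browser Helper Object is registered but its file is absent.
      * O21: the shell autostart DLL sits in ...\\Installer\\{CLSID}\\ where
        the folder name is the entry's own CLSID.
    """
    findings = []
    for entry in parse_entries(log_text):
        target = entry["target"]
        if entry["section"] == "O2" and MISSING_RE.search(target):
            findings.append((entry["clsid"], entry["name"],
                             "BHO registered but its file is absent"))
        elif entry["section"] == "O21":
            folder = PureWindowsPath(target).parent
            same_clsid = folder.name.lower() == entry["clsid"].lower()
            in_installer = folder.parent.name.lower() == "installer"
            if same_clsid and in_installer:
                findings.append((entry["clsid"], entry["name"],
                                 "SSODL DLL loaded from Installer\\{CLSID} folder"))
    return findings


if __name__ == "__main__":
    for clsid, name, reason in triage(SAMPLE_LOG):
        print(f"{clsid}  {name:<14} {reason}")
```

The rules also flag `{7E853D72-626A-48EC-A868-BA8D5E23E045}`, which the CFScript in the post above leaves alone: a hit is a prompt for review, not a removal decision.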
jorginho67 Posts 14716 Registration date Tuesday 11 September 2007 Status Security contributor Last activity 11 February 2011 1 169
13 Feb 2008 at 03:41
Good evening sophiline
Hi Indy ;o))

I hope I'm not arriving too late to follow along.....

See you later
0
sophiline Posts 1736 Registration date Monday 10 November 2003 Status Member Last activity 3 January 2024 55
14 Feb 2008 at 18:31
Sorry, but since dragging it onto ComboFix didn't make it go in, I put it in My Documents; I thought I was doing the right thing. But when I drag it onto ComboFix, the Notepad file is still on my Desktop. I don't know if that's how it should be, but it doesn't go into ComboFix. I don't know if you understand what I'm trying to say. Anyway, here are the reports.


ComboFix 08-02-14.3 - Sophie 2008-02-14 18:22:28.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.464 [GMT 1:00]
Endroit: C:\Documents and Settings\Sophie\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 20:34 . 2004-08-10 13:00 400,896 --a------ C:\kmd.exe
2008-02-11 20:34 . 2008-02-14 18:23 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-10 16:04 . 2008-02-10 16:04 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-09 08:12 . 2008-02-09 08:51 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:00 . 2008-02-09 07:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 00:42 . 2008-02-11 18:17 <REP> d-------- C:\Program Files\a-squared
2008-02-08 23:56 . 2008-02-12 18:51 <REP> d-------- C:\Program Files\SpywareBlaster
2008-02-08 23:52 . 2008-02-08 23:56 <REP> d-------- C:\Program Files\SpywareBlaster(2)
2008-02-08 23:22 . 2008-02-08 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 22:38 . 2008-02-09 23:28 9,478 --a------ C:\WINDOWS\unins000.dat
2008-02-06 18:46 . 2008-02-06 18:46 <REP> d-------- C:\Program Files\TGTSoft(2)
2008-02-05 20:40 . 2008-02-05 20:40 <REP> d-------- C:\Program Files\TGTSoft(3)
2008-01-31 18:15 . 2008-01-31 18:15 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\Lavasoft
2008-01-29 20:53 . 2008-01-29 20:53 <REP> d-------- C:\Program Files\TGTSoft
2008-01-27 16:31 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\TimePanic(2)
2008-01-26 22:14 . 2008-02-08 11:37 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
2008-01-25 13:59 . 2008-01-25 13:59 <REP> d-------- C:\Program Files\Java
2008-01-25 13:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-25 13:58 . 2008-01-25 13:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-25 13:52 . 2008-01-27 12:57 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\OpenOffice.org2
2008-01-25 13:44 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-20 18:24 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\a-squared Free
2008-01-18 18:34 . 2008-01-26 22:17 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-18 17:50 . 2008-01-18 17:50 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\Jasc
2008-01-18 10:37 . 2008-01-18 10:37 <REP> d-------- C:\Program Files\Tech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 17:25 8,620,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-12 19:56 101,204 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-12 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 20:23 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-02-11 19:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 16:38 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Image Zone Express
2008-02-10 15:33 --------- d-----w C:\Program Files\HP
2008-02-10 15:20 4,674 ----a-w C:\Documents and Settings\Sophie\Application Data\wklnhst.dat
2008-02-10 15:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-10 15:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-09 09:39 --------- d-----w C:\Program Files\DVB-Switcher (EN)
2008-02-09 09:39 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-09 08:02 2,181,086 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-09 07:29 1,665,536 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-08 22:57 --------- d-----w C:\Program Files\Lavasoft
2008-02-08 22:22 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Lavasoft
2008-02-08 20:38 1,651,200 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-30 19:56 1,632,768 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-29 19:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-26 21:53 1,640,960 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-26 21:14 1,632,768 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-22 17:06 --------- d-----w C:\Program Files\IncrediMail
2008-01-22 16:56 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-20 07:51 1,601,536 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-18 17:42 1,582,592 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-18 17:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-14 17:35 1,545,216 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-13 17:46 --------- d-----w C:\Program Files\Ahead
2008-01-13 17:14 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-01-13 17:14 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-01-13 14:11 --------- d-----w C:\Program Files\eMule
2008-01-13 08:54 --------- d-----w C:\Program Files\Avant Browser
2008-01-12 14:11 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Uniblue
2008-01-12 10:21 --------- d-----w C:\Program Files\a-squared Anti-Dialer
2008-01-11 10:42 --------- d-----w C:\Documents and Settings\Sophie\Application Data\AdobeUM
2008-01-11 10:39 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-01-11 10:25 --------- d-----w C:\Program Files\USB Wireless Keyboard Driver
2008-01-11 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-09 20:11 --------- d-----w C:\Program Files\Windows Live
2008-01-09 20:10 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-09 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 19:56 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-01-09 18:44 --------- d-----w C:\Documents and Settings\Jeanfi\Application Data\HP
2008-01-09 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-09 18:39 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-09 18:39 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 21:58 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-08 21:09 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 21:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 19:49 --------- d-----w C:\Program Files\Yahoo!
2007-12-22 09:48 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Ahead
2007-12-21 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 09:15 32,768 ------w C:\WINDOWS\system32\MWLPS.dll
2007-12-21 09:15 --------- d-----w C:\Program Files\Wireless LAN USB Dongle
2007-12-16 10:47 82,760 ----a-w C:\Documents and Settings\Sophie\Application Data\GDIPFONTCACHEV1.DAT
2007-12-14 20:19 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Printer Info Cache
2007-12-14 19:55 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 19:03 0 ----a-w C:\Documents and Settings\Kévin\Application Data\wklnhst.dat
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2005-07-06 17:58 5,159,500 ----a-w C:\Program Files\StyleXP 3.10.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DB30F1E-538B-4395-9E49-37C1429AB459}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9FC865E-C91C-44C6-B4E8-611D8C9886A0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-20 12:21 214456]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-07-07 00:52 1359872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-21 21:33 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 13:54 357376]
"CHotkey"="mHotkey.exe" [2004-12-08 17:57 550912 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvDrive"= {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll [2008-02-08 20:50 14374]
"zip"= {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll [2008-02-09 07:51 39462]
"RunOnceSetup"= {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll [2008-02-08 21:35 14374]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless LAN USB Dongle.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Sophie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Sophie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Anti-Dialer]
--a------ 2008-01-12 11:20 1329152 C:\Program Files\a-squared Anti-Dialer\a2adguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
--a------ 2005-01-31 15:09 458752 C:\Program Files\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIMACE]
--a------ 2006-01-04 21:28 81920 C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:34 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
--a------ 2004-03-02 20:24 5576704 C:\WINDOWS\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Trust\250S Series\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNAgent]
C:\DOCUME~1\Sophie\LOCALS~1\Temp\winCB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-14 01:19 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-07-07 00:52 1359872 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"StyleXPService"=2 (0x2)
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"a2AntiDialer"=2 (0x2)

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-20 00:31]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-20 00:31]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-20 00:32]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-20 00:29]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-20 00:37]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-20 00:30]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-07-11 09:50]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 04:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
S4 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Documents and Settings\Sophie\Mes documents\Fichiers pour les virus\a-squared Anti-Dialer\a2service.exe" [2007-08-19 11:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01261141-a1dc-11da-a911-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06dfb941-9dce-11da-ba1b-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b774a79-a4a7-11dc-a222-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f5ec8c1-9fc0-11da-8e52-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75d83041-9fcf-11da-82ad-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fa6ef8-9ce8-11da-a584-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8a11f9-a1da-11da-9d1f-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7987141-9f6f-11da-9755-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 07:44:00 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 18:25:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
-> C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
.
Temps d'accomplissement: 2008-02-14 18:26:05
ComboFix-quarantined-files.txt 2008-02-14 17:26:03
ComboFix2.txt 2008-02-14 17:17:57
ComboFix3.txt 2008-02-11 19:39:52
ComboFix4.txt 2008-02-11 18:16:49
ComboFix5.txt 2008-02-09 08:35:53
.
2008-01-22 17:06:01 --- E O F ---



__________________________________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 18:30:19, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9DB30F1E-538B-4395-9E49-37C1429AB459} - (no file)
O2 - BHO: (no name) - {A9FC865E-C91C-44C6-B4E8-611D8C9886A0} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SrvDrive - {dc7daa79-c1ae-426d-96b5-0d5af055d487} - C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
O21 - SSODL: zip - {34d61973-2b1e-44ac-9499-d23db8f37ddb} - C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
O21 - SSODL: RunOnceSetup - {9d68c1f6-0446-4043-83e5-66d18b02ad39} - C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023
15 Feb 2008 at 00:39
Good evening

Both of them need to be on your Desktop, then you do it like this:

--> http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

To be continued.
jorginho67 - Posts: 14716 - Registered: Tuesday 11 September 2007 - Status: Security contributor - Last activity: 11 February 2011
15 Feb 2008 at 00:46
Hi everyone!

Le Sioux, your link to the animated GIF above is dead .....

For dragging and dropping the CFScript file onto the ComboFix.exe file (on your Desktop),

you have the right one in the canned reply >>>> http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

See you
Le sioux - Posts: 4894 - Registered: Sunday 27 May 2007 - Status: Security contributor - Last activity: 6 March 2023
15 Feb 2008 at 03:17
Hello Jeorgino

Thanks for stopping by ;-)

See you
sophiline - Posts: 1736 - Registered: Monday 10 November 2003 - Status: Member - Last activity: 3 January 2024
15 Feb 2008 at 14:59
Hello

Actually, my desktop was set to invisible, and going to the taskbar to show my desktop did not work, but once I displayed it, it was OK


ComboFix 08-02-15.2 - Sophie 2008-02-15 14:56:21.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.508 [GMT 1:00]
Endroit: C:\Documents and Settings\Sophie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sophie\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\DOCUME~1\Sophie\LOCALS~1\Temp\winCB.exe
C:\Program Files\tmp578343.exe
C:\Program Files\tmp578359.exe
C:\Program Files\tmp580531.exe
C:\Program Files\tmp580984.exe
C:\WINDOWS\Installer\{34d61973-2b1e-44ac-9499-d23db8f37ddb}\zip.dll
C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll
C:\WINDOWS\Installer\{dc7daa79-c1ae-426d-96b5-0d5af055d487}\SrvDrive.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\{9d68c1f6-0446-4043-83e5-66d18b02ad39}\RunOnceSetup.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
.

2008-02-15 14:56 . 2008-02-15 14:56 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-15 11:14 . 2008-02-15 11:14 <REP> d-------- C:\Program Files\TGTSoft
2008-02-14 21:13 . 2008-02-15 00:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-11 20:34 . 2004-08-10 13:00 400,896 --a------ C:\kmd.exe
2008-02-10 16:04 . 2008-02-10 16:04 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-02-09 08:12 . 2008-02-09 08:51 <REP> d-------- C:\VundoFix Backups
2008-02-09 08:00 . 2008-02-09 07:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 00:42 . 2008-02-11 18:17 <REP> d-------- C:\Program Files\a-squared
2008-02-08 23:56 . 2008-02-12 18:51 <REP> d-------- C:\Program Files\SpywareBlaster
2008-02-08 23:52 . 2008-02-08 23:56 <REP> d-------- C:\Program Files\SpywareBlaster(2)
2008-02-08 23:22 . 2008-02-08 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 22:38 . 2008-02-09 23:28 9,478 --a------ C:\WINDOWS\unins000.dat
2008-01-31 18:15 . 2008-01-31 18:15 <REP> d-------- C:\Documents and Settings\Jeanfi\Application Data\Lavasoft
2008-01-27 16:31 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\TimePanic(2)
2008-01-26 22:14 . 2008-02-08 11:37 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
2008-01-25 13:59 . 2008-01-25 13:59 <REP> d-------- C:\Program Files\Java
2008-01-25 13:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-25 13:58 . 2008-01-25 13:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-25 13:52 . 2008-01-27 12:57 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\OpenOffice.org2
2008-01-25 13:44 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-20 18:24 . 2008-01-29 20:46 <REP> d-------- C:\Program Files\a-squared Free
2008-01-18 18:34 . 2008-01-26 22:17 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-18 17:50 . 2008-01-18 17:50 <REP> d-------- C:\Documents and Settings\Sophie\Application Data\Jasc
2008-01-18 10:37 . 2008-01-18 10:37 <REP> d-------- C:\Program Files\Tech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 13:49 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-02-15 13:28 8,824,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-15 13:28 104,492 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-14 21:03 4,966 ----a-w C:\Documents and Settings\Sophie\Application Data\wklnhst.dat
2008-02-12 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 19:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 16:38 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Image Zone Express
2008-02-10 15:33 --------- d-----w C:\Program Files\HP
2008-02-10 15:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-10 15:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-09 09:39 --------- d-----w C:\Program Files\DVB-Switcher (EN)
2008-02-09 09:39 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-08 22:57 --------- d-----w C:\Program Files\Lavasoft
2008-02-08 22:22 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Lavasoft
2008-01-29 19:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-22 17:06 --------- d-----w C:\Program Files\IncrediMail
2008-01-22 16:56 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-18 17:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-13 17:46 --------- d-----w C:\Program Files\Ahead
2008-01-13 17:14 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-01-13 17:14 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-01-13 14:11 --------- d-----w C:\Program Files\eMule
2008-01-13 08:54 --------- d-----w C:\Program Files\Avant Browser
2008-01-12 14:11 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Uniblue
2008-01-12 10:21 --------- d-----w C:\Program Files\a-squared Anti-Dialer
2008-01-11 10:42 --------- d-----w C:\Documents and Settings\Sophie\Application Data\AdobeUM
2008-01-11 10:39 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-01-11 10:25 --------- d-----w C:\Program Files\USB Wireless Keyboard Driver
2008-01-11 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-09 20:11 --------- d-----w C:\Program Files\Windows Live
2008-01-09 20:10 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-09 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 19:56 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-01-09 18:44 --------- d-----w C:\Documents and Settings\Jeanfi\Application Data\HP
2008-01-09 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-09 18:39 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-09 18:39 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-08 21:58 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-08 21:09 --------- d-----w C:\Program Files\Zone Labs
2008-01-08 21:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-08 19:49 --------- d-----w C:\Program Files\Yahoo!
2007-12-22 09:48 --------- d-----w C:\Documents and Settings\Sophie\Application Data\Ahead
2007-12-21 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 09:15 --------- d-----w C:\Program Files\Wireless LAN USB Dongle
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 10:47 82,760 ----a-w C:\Documents and Settings\Sophie\Application Data\GDIPFONTCACHEV1.DAT
2007-12-11 19:03 0 ----a-w C:\Documents and Settings\Kévin\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-01-20 12:21 214456]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-21 21:33 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 13:54 357376]
"CHotkey"="mHotkey.exe" [2004-12-08 17:57 550912 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Wireless LAN USB Dongle.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Sophie^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Sophie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Anti-Dialer]
--a------ 2008-01-12 11:20 1329152 C:\Program Files\a-squared Anti-Dialer\a2adguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
--a------ 2005-01-31 15:09 458752 C:\Program Files\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-08 05:25 496752 C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIMACE]
--a------ 2006-01-04 21:28 81920 C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:34 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
--a------ 2004-03-02 20:24 5576704 C:\WINDOWS\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Trust\250S Series\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM-Reset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-14 01:19 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-08-24 21:04 548864 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--------- 2006-05-24 19:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"StyleXPService"=2 (0x2)
"RichVideo"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"a2AntiDialer"=2 (0x2)

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-20 00:31]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-20 00:31]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-20 00:32]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-20 00:29]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-20 00:37]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-20 00:30]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-07-11 09:50]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 04:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
S4 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Documents and Settings\Sophie\Mes documents\Fichiers pour les virus\a-squared Anti-Dialer\a2service.exe" [2007-08-19 11:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01261141-a1dc-11da-a911-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06dfb941-9dce-11da-ba1b-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b774a79-a4a7-11dc-a222-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f5ec8c1-9fc0-11da-8e52-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75d83041-9fcf-11da-82ad-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fa6ef8-9ce8-11da-a584-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8a11f9-a1da-11da-9d1f-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7987141-9f6f-11da-9755-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-09 07:44:00 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 14:57:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-15 14:57:25
ComboFix-quarantined-files.txt 2008-02-15 13:57:23
ComboFix2.txt 2008-02-15 13:47:57
ComboFix3.txt 2008-02-14 17:26:06
ComboFix4.txt 2008-02-14 17:17:57
ComboFix5.txt 2008-02-11 19:39:52
.
2008-02-14 23:38:46 --- E O F ---
______________________________________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 14:59:54, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Le sioux Posts 4894 Registration date Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 496
15 Feb. 2008 at 18:16
Good evening Sophiline

1) Uninstalling the old version of HijackThis.

Launch HijackThis and click on "Open misc tools section"; with the arrow on the right, scroll down to "Uninstall HijackThis & exit".

Then navigate to C:\Program Files\Hijackthis Version Française <-- delete this folder (in bold)

2) Installing HijackThis 2.0.2

Download HijackThis to your Desktop.

Close all other windows and all other programs. No Internet connection.

Double-click on it to start the installation. Accept the licence that appears by clicking "I agree".

Then click on "Do a system scan and save a logfile".

Close HijackThis, copy and paste the whole report, and post it here in reply.

Note: the report is located in C:\Program Files\Trend Micro\HijackThis

To be continued.
0
sophiline Posts 1736 Registration date Monday 10 November 2003 Status Member Last activity 3 January 2024 55
15 Feb. 2008 at 21:20
Good evening Sioux

I have a question for you: why does it have to be downloaded to the desktop and not into a folder that one creates?
Also tell me what I should do with the installers of the programs that are on my desktop; do I remove them?

Thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:32, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3527DF56-B3C0-4DED-AB1B-1C6A45D1D4ED}: NameServer = 86.63.145.140,84.103.237.140
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Sophie\Mes documents\Téléchargements de fichiers\Pour les virus\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Le sioux Posts 4894 Registration date Sunday 27 May 2007 Status Security contributor Last activity 6 March 2023 496
16 Feb. 2008 at 04:15
Good evening Sophiline

Don't worry, I am having you download to your Desktop on purpose.

We will get rid of all that in due course; I will tell you what to do.

For now:

* Download clean.zip by Malekal_Morte: http://www.malekal.com/download/clean.zip

* Unzip it on your desktop (right-click / extract all); you should get a folder named clean.
* Open the Clean folder on your Desktop.
* Double-click on clean.cmd.
A black window will appear;

choose option 1

Then post the report that opens (it is also located here: C:\rapport_clean.txt)

To be continued
0