Antivirus xp 2008

Bonjour ep44,
j'ai suivi tes directives
malwarebytes n'a pu tous supprimer les éléments infecté

Malwarebytes' Anti-Malware 1.24
Database version: 1013
Windows 5.1.2600 Service Pack 3

18:28:16 01/08/2008
mbam-log-8-1-2008 (18-28-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 150411
Time elapsed: 1 hour(s), 35 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 22
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJCtrst.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hyhlsw.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{242b7572-8ae4-4fcf-847a-0eaf2d9d7b95} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{242b7572-8ae4-4fcf-847a-0eaf2d9d7b95} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5a5f5a1-38da-46dc-9afe-73970d03d068} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5a5f5a1-38da-46dc-9afe-73970d03d068} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjctrst -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjctrst -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ljJCtrst.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tsrtCJjl.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tsrtCJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hyhlsw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1DQ7L60T\favicon[3].ico (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1DQ7L60T\MediaTubeCodec_ver1.668.1[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7SB94LEB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ZJ71RHNR\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Cartoonist\exitpoll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255645.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255677.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255678.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255685.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255692.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255699.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255703.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255705.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255717.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255720.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255725.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\snapshot\MFEX-1.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP976\A0243163.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivnqoqht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\staipb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uepqgiar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjvuisxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyXQKEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 3.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.29 MiB / 558.89 MiB
Pagefile Memory (total/avail): 2460.24 MiB / 2016.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.93 MiB

C: is Fixed (NTFS) - 225.9 GiB total, 89.74 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 3.22 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 6.97 GiB - D:
\PARTITION1 (bootable) - Système de fichiers installable - 225.9 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - HP psc 2410 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Propri‚taire\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=FIXE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Propri‚taire
LOGONSERVER=\\FIXE
NewEnvironment1=C:\Program Files\ATI Technologies\ATI.ACE\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
USERDOMAIN=FIXE
USERNAME=HP_Propri‚taire
USERPROFILE=C:\Documents and Settings\HP_Propri‚taire
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Propriétaire [I](admin)/I
Administrateur [I](admin)/I


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI Catalyst Control Center --> MsiExec.exe /I{67A386CE-825D-40DA-8DC8-2098E33B8FF3}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Cartoonist 1.0 --> "C:\Program Files\Cartoonist\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Complément Microsoft Word pour Microsoft Works Suite --> MsiExec.exe /I{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}
Connexion Facile à Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Encyclopédie Microsoft Encarta 2005 --> MsiExec.exe /I{05460044-64A6-4248-A026-9745C1E9E159}
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Appareils photos Photosmart 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.5.4 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.4 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HPIZplus450 --> MsiExec.exe /X{5A4E3B3A-D1E1-4586-9249-2DA68D0B09D2}
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money --> c:\program files\microsoft money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft Photo Premium 10 --> "C:\Program Files\Fichiers communs\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
MSN Screen Saver (Beta) --> MsiExec.exe /X{54771783-5D95-48B9-A012-23EC33761369}
PC-Doctor for Windows --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1036
PC SECURITY TEST 2007 --> "C:\Program Files\AxBx\PC Security Test 2007\unins000.exe"
PCTV USB2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9810C3D4-4799-42AB-BCF8-48D93A6C5E15}\Setup.exe" -l0x40c UNINSTALL
Photosmart 320,370,7400,8100,8400 Series (fra) --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SpamPal --> "C:\Program Files\SpamPal\Uninstall.exe" "C:\Program Files\SpamPal\install.log"
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sélecteur d'installation de Microsoft Works 2005 --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\
TerraExplorer --> C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless SoftAP Version 2.7.11.0 --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E1C98B51-B9FD-4D9A-A3CB-F70D97CC5EFA}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type17574 / Error
Event Submitted/Written: 07/20/2008 11:12:36 PM
Event ID/Source: 4609 / EventSystem
Event Description:
Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 80080005 à partir de la ligne 44 de f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreur.

Event Record #/Type17570 / Warning
Event Submitted/Written: 07/20/2008 06:20:47 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

Event Record #/Type17551 / Success
Event Submitted/Written: 07/20/2008 10:13:40 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type17523 / Success
Event Submitted/Written: 07/19/2008 11:30:33 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type17506 / Error
Event Submitted/Written: 07/18/2008 08:39:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée msnmsgr.exe, version 8.1.178.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27200 / Error
Event Submitted/Written: 08/01/2008 08:49:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service wuauserv avec les arguments ""
pour démarrer le serveur :
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type27199 / Warning
Event Submitted/Written: 08/01/2008 08:48:07 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 0012BF065750. L'adresse IP utilisée est 169.254.64.136.

Event Record #/Type27162 / Error
Event Submitted/Written: 08/01/2008 07:01:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service wuauserv avec les arguments ""
pour démarrer le serveur :
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type27161 / Warning
Event Submitted/Written: 08/01/2008 07:00:20 PM
Event ID/Source: 8021 / BROWSER
Event Description:
L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\NOMADE sur le réseau \Device\NetBT_Tcpip_{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}.
La donnée est le code d'erreur.

Event Record #/Type27153 / Warning
Event Submitted/Written: 08/01/2008 06:36:29 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Votre ordinateur a automatiquement configuré l'adresse IP pour la
carte avec l'adresse réseau 0012BF065750. L'adresse IP utilisée est 169.254.64.136.



-- End of Deckard's System Scanner: finished at 2008-08-01 21:59:23 ------------

Deckard's System Scanner v20071014.68
Run by HP_Propriétaire on 2008-08-01 23:05:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Propriétaire.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:03, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_PRO~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1dd36c65-dcdd-408c-88a4-7050986707d5} - C:\WINDOWS\system32\ryycsu.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68548C23-2C63-46E0-8042-AEE994F90D4A} - C:\WINDOWS\system32\ljJCtrst.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [b4a72fb0] rundll32.exe "C:\WINDOWS\system32\bfegocmw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: hyhlsw.dll ryycsu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Bonjour ep44,
suivi tes tes indications ci-joint le log Combofix

ComboFix 08-07-31.06 - HP_Propriétaire 2008-08-02 10:37:38.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.577 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\Outils.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tsrtCJjl.ini
C:\WINDOWS\system32\tsrtCJjl.ini2
C:\WINDOWS\system32\wmcogefb.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
.

2008-08-01 21:56 . 2008-08-01 21:56 <REP> d-------- C:\Deckard
2008-08-01 19:23 . <REP> C:\Documents and Settings\HP_Propri'taire
2008-08-01 18:53 . 2008-08-01 18:58 <REP> d-------- C:\Program Files\CCleaner
2008-08-01 18:45 . 2008-08-01 18:45 129,920 --a------ C:\WINDOWS\system32\ryycsu.dll
2008-08-01 18:45 . 2008-08-01 18:45 129,920 --a------ C:\WINDOWS\system32\lauvvpvy.dll
2008-08-01 18:45 . 2008-08-01 18:45 99,712 --a------ C:\WINDOWS\system32\bfegocmw.dll
2008-08-01 16:45 . 2008-08-01 16:45 99,200 --a------ C:\WINDOWS\system32\cjrknpek.dll
2008-07-31 21:55 . 2008-07-31 21:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 21:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 21:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 20:28 . 2008-07-31 20:28 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-07-31 20:24 . 2008-07-31 20:24 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-31 20:19 . 2008-07-31 20:40 <REP> d-------- C:\SDFix
2008-07-31 19:42 . 2008-07-31 19:42 <REP> d-------- C:\Program Files\Trend Micro
2008-07-30 20:56 . 2008-07-30 20:56 98 --a------ C:\WINDOWS\wininit.ini
2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-27 11:08 . 2007-01-04 18:18 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-27 11:08 . 2008-08-02 10:42 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-27 11:08 . 2005-01-02 02:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-07-27 11:08 . 2005-01-02 02:51 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-07-27 11:08 . 2008-07-27 11:08 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-14 10:31 . 2008-07-14 10:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-07-14 10:29 . 2008-07-18 22:27 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 17:23 --------- d-----w C:\Program Files\JoWooD
2008-08-01 16:53 --------- d-----w C:\Program Files\Yahoo!
2008-07-27 00:02 --------- d-----w C:\Program Files\eChanblard
2008-07-22 20:56 --------- d-----w C:\Program Files\Java
2008-06-20 19:50 --------- d-----w C:\Program Files\DivX
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2005-05-23 18:16 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dd36c65-dcdd-408c-88a4-7050986707d5}]
2008-08-01 18:45 129920 --a------ C:\WINDOWS\system32\ryycsu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-25 05:10 344064]
"SoftAP"="C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe" [2004-12-08 14:34 561152]
"Wireless SoftAP"="C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" [2004-12-08 14:33 913408]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-15 19:49 185896]
"b4a72fb0"="C:\WINDOWS\system32\bfegocmw.dll" [2008-08-01 18:45 99712]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 22:49 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 22:32 2754560 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hyhlsw.dll ryycsu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winew86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winia88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn80.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrd68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6672:UDP"= 6672:UDP:echamblardNext
"6662:TCP"= 6662:TCP:echamblardNext

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 PCTWPASV;SoftAP WPA Authenticator Service;C:\Program Files\Arcadyan Wireless\pctwpasv.exe [2004-08-06 09:41]
R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 11:40]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S0 Winew86;Winew86;C:\WINDOWS\system32\Drivers\Winew86.sys []
S0 Winia88;Winia88;C:\WINDOWS\system32\Drivers\Winia88.sys []
S0 Winjn80;Winjn80;C:\WINDOWS\system32\Drivers\Winjn80.sys []
S0 Winrd68;Winrd68;C:\WINDOWS\system32\Drivers\Winrd68.sys []
S0 Winuw62;Winuw62;C:\WINDOWS\system32\Drivers\Winuw62.sys []
S3 Arcadyan;Arcadyan NDIS Protocol Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\Arcadyan.SYS [2004-08-20 03:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f54a3dd2-435b-11dd-a5fd-0011d8c2761f}]
\Shell\AutoRun\command - L:\EmDesk.exe
\Shell\EmDesk\command - L:\EmDesk.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{68548C23-2C63-46E0-8042-AEE994F90D4A} - C:\WINDOWS\system32\ljJCtrst.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}: NameServer = 192.168.1.1

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\Downloaded Program Files\oscan81.ocx_x
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 10:43:07
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\bfegocmw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-02 10:47:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-02 08:47:21

Pre-Run: 96,257,564,672 octets libres
Post-Run: 96,179,130,368 octets libres

207 --- E O F --- 2008-07-14 15:46:52

le rapport Combofix

ComboFix 08-07-31.06 - HP_Propriétaire 2008-08-02 13:46:16.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.574 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\Outils.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\bfegocmw.dll
C:\WINDOWS\system32\cjrknpek.dll
C:\WINDOWS\system32\lauvvpvy.dll
C:\WINDOWS\system32\ryycsu.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bfegocmw.dll
C:\WINDOWS\system32\cjrknpek.dll
C:\WINDOWS\system32\lauvvpvy.dll
C:\WINDOWS\system32\ryycsu.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
.

2008-08-02 10:47 . 2008-08-02 10:47 <REP> d-------- C:\Documents and Settings\HP_Propriétaire
2008-08-02 10:47 . <REP> C:\Documents and Settings\HP_PropriÚtaire\Local Settings
2008-08-02 10:47 . <REP> C:\Documents and Settings\HP_PropriÚtaire\Local Settings
2008-08-02 10:47 . 2008-08-02 13:31 354 ---hs---- C:\WINDOWS\system32\wmcogefb.ini
2008-08-01 21:56 . 2008-08-01 21:56 <REP> d-------- C:\Deckard
2008-08-01 19:23 . <REP> C:\Documents and Settings\HP_Propri'taire
2008-08-01 18:53 . 2008-08-01 18:58 <REP> d-------- C:\Program Files\CCleaner
2008-07-31 21:55 . 2008-07-31 21:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 21:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 21:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 20:28 . 2008-07-31 20:28 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-07-31 20:24 . 2008-07-31 20:24 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-31 20:19 . 2008-07-31 20:40 <REP> d-------- C:\SDFix
2008-07-31 19:42 . 2008-07-31 19:42 <REP> d-------- C:\Program Files\Trend Micro
2008-07-30 20:56 . 2008-07-30 20:56 98 --a------ C:\WINDOWS\wininit.ini
2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-27 11:08 . 2007-01-04 18:18 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-27 11:08 . 2008-08-02 10:42 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-27 11:08 . 2005-01-02 02:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-07-27 11:08 . 2005-01-02 02:51 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-07-27 11:08 . 2008-07-27 11:08 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-14 10:31 . 2008-07-14 10:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-07-14 10:29 . 2008-07-18 22:27 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 17:23 --------- d-----w C:\Program Files\JoWooD
2008-08-01 16:53 --------- d-----w C:\Program Files\Yahoo!
2008-07-27 00:02 --------- d-----w C:\Program Files\eChanblard
2008-07-22 20:56 --------- d-----w C:\Program Files\Java
2008-06-20 19:50 --------- d-----w C:\Program Files\DivX
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2005-05-23 18:16 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-02_10.47.04.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-02 11:50:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-25 05:10 344064]
"SoftAP"="C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe" [2004-12-08 14:34 561152]
"Wireless SoftAP"="C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" [2004-12-08 14:33 913408]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-15 19:49 185896]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 22:49 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 22:32 2754560 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winew86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winia88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn80.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrd68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6672:UDP"= 6672:UDP:echamblardNext
"6662:TCP"= 6662:TCP:echamblardNext

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 PCTWPASV;SoftAP WPA Authenticator Service;C:\Program Files\Arcadyan Wireless\pctwpasv.exe [2004-08-06 09:41]
R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 11:40]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S0 Winew86;Winew86;C:\WINDOWS\system32\Drivers\Winew86.sys []
S0 Winia88;Winia88;C:\WINDOWS\system32\Drivers\Winia88.sys []
S0 Winjn80;Winjn80;C:\WINDOWS\system32\Drivers\Winjn80.sys []
S0 Winrd68;Winrd68;C:\WINDOWS\system32\Drivers\Winrd68.sys []
S0 Winuw62;Winuw62;C:\WINDOWS\system32\Drivers\Winuw62.sys []
S3 Arcadyan;Arcadyan NDIS Protocol Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\Arcadyan.SYS [2004-08-20 03:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f54a3dd2-435b-11dd-a5fd-0011d8c2761f}]
\Shell\AutoRun\command - L:\EmDesk.exe
\Shell\EmDesk\command - L:\EmDesk.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-b4a72fb0 - C:\WINDOWS\system32\bfegocmw.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 13:51:02
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-02 13:55:35 - machine was rebooted [HP_Propri‚taire]
ComboFix-quarantined-files.txt 2008-08-02 11:55:31
ComboFix2.txt 2008-08-02 08:47:27

Pre-Run: 96,157,106,176 octets libres
Post-Run: 96,144,343,040 octets libres

182 --- E O F --- 2008-07-14 15:46:52

Bonjour ep44,

ci-dessous le rapport de Bitdefender


BitDefender Online Scanner



Scan report generated at: Sat, Aug 02, 2008 - 21:39:24





Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;







Statistics

Time
02:13:29

Files
608167

Folders
9762

Boot Sectors
3

Archives
16328

Packed Files
31301




Results

Identified Viruses
7

Infected Files
18

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
22




Engines Info

Virus Definitions
1412989

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
43

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
Infected with: Trojan.Hacktool.Tpatch.C

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
Deleted

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco
Updated

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Detected with: Application.VTesttool.A

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Deleted

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
Update failed

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Detected with: Application.VTesttool.B

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Deleted

C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
Infected with: Trojan.Hacktool.Tpatch.C

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
Deleted

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco
Updated

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Detected with: Application.VTesttool.A

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Deleted

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Detected with: Application.VTesttool.B

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Deleted

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe=>(Instyler o)=>(Instyler Module 61)
Detected with: Spyware.Keypresshooker.C

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe=>(Instyler o)=>(Instyler Module 61)
Deleted

C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
Detected with: Application.VTesttool.A

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
Detected with: Application.VTesttool.B

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
Detected with: Application.VTesttool.A

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
Detected with: Application.VTesttool.B

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
Update failed

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Windows\Active Desktop\adc.exe=>(Instyler o)=>(Instyler Module 61)
Detected with: Spyware.Keypresshooker.C

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Windows\Active Desktop\adc.exe=>(Instyler o)=>(Instyler Module 61)
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Windows\Active Desktop\adc.exe=>(Instyler o)
Update failed

C:\SDFix\backups\backups.zip=>backups/phcthoj0eear.bmp
Infected with: Trojan.FakeAlert.UM

C:\SDFix\backups\backups.zip=>backups/phcthoj0eear.bmp
Deleted

C:\SDFix\backups\backups.zip
Updated

C:\SDFix\backups\backups.zip=>backups/pphcthoj0eear.exe
Infected with: Trojan.FakeAlert.TR

C:\SDFix\backups\backups.zip=>backups/pphcthoj0eear.exe
Deleted

C:\SDFix\backups\backups.zip
Updated

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.XpAntivirus.AJ

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.XpAntivirus.AJ

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.XpAntivirus.AJ

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)=>lzma_solid_nsis0000
Detected with: Adware.XpAntivirus.AJ

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)
Update failed

Le rapport de VirusTotal

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.29.1 2008.08.02 -
AntiVir 7.8.1.15 2008.08.01 -
Authentium 5.1.0.4 2008.08.03 -
Avast 4.8.1195.0 2008.08.02 -
AVG 8.0.0.156 2008.08.02 -
BitDefender 7.2 2008.08.03 -
CAT-QuickHeal 9.50 2008.08.02 -
ClamAV 0.93.1 2008.08.03 -
DrWeb 4.44.0.09170 2008.08.03 -
eSafe 7.0.17.0 2008.08.03 -
eTrust-Vet 31.6.6002 2008.08.02 -
Ewido 4.0 2008.08.03 -
F-Prot 4.4.4.56 2008.08.03 -
F-Secure 7.60.13501.0 2008.08.03 -
Fortinet 3.14.0.0 2008.08.03 -
GData 2.0.7306.1023 2008.08.03 -
Ikarus T3.1.1.34.0 2008.08.03 -
K7AntiVirus 7.10.402 2008.08.02 -
Kaspersky 7.0.0.125 2008.08.03 -
McAfee 5352 2008.08.01 -
Microsoft 1.3807 2008.08.03 -
NOD32v2 3322 2008.08.03 -
Norman 5.80.02 2008.08.01 -
Panda 9.0.0.4 2008.08.03 -
PCTools 4.4.2.0 2008.08.03 -
Prevx1 V2 2008.08.03 -
Rising 20.55.62.00 2008.08.03 -
Sophos 4.31.0 2008.08.03 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.03 -
TheHacker 6.2.96.392 2008.08.02 -
TrendMicro 8.700.0.1004 2008.08.01 -
VBA32 3.12.8.2 2008.08.02 -
ViRobot 2008.8.1.1321 2008.08.01 -
VirusBuster 4.5.11.0 2008.08.02 -
Webwasher-Gateway 6.6.2 2008.08.03 -
Information additionnelle
File size: 204800 bytes
MD5...: a78fc0cb90715ed223ef9efdf8f43041
SHA1..: c405bec32b2d2a0f51c878b4535e29011e1d4246
SHA256: b260650bac6b93bb8ed4fd284ea9d6ef445ad57ea1f2ad7140028c9c59b5a0b1
SHA512: db2318ca3189b2591cc83b7f01aa2f7e0205efbe9fc95abcbcc1ead161ec0b36
e343041b452145566ad4d7a8e3b93ba730fb56325160f39285f338c964529347
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40cdc6
timedatestamp.....: 0x40f70959 (Thu Jul 15 22:46:49 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b4c0 0x1c000 6.55 daa29fe034da67a7b139565863a1898d
.rdata 0x1d000 0x8da2 0x9000 6.36 85a276c84445b01bd08f242c92692b22
.data 0x26000 0x7324 0x2000 3.24 155e6105b8701a9dd6cd5e5f732aecc1
.rsrc 0x2e000 0x9210 0xa000 4.99 29902809e390d408205a40be0d2bec8a

( 13 imports )
> PCTIN50.dll: W32N_IsWindows95, W32N_PacketReadEx, W32N_IsWindowsNT, W32N_CloseAdapter, W32N_PacketSend, W32N_GetLastError, W32N_GetFirstAdapterRegistryInfo, W32N_GetNextAdapterRegistryInfo, W32N_MakeNdisRequest, W32N_OpenAdapterA, W32N_OpenProtocolDriver
> WS2_32.dll: -, -
> CFGMGR32.dll: CM_Get_DevNode_Status
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiGetDeviceRegistryPropertyA, SetupDiEnumDeviceInfo, SetupDiGetClassDevsA, SetupDiOpenDevRegKey, SetupDiClassGuidsFromNameA
> KERNEL32.dll: GlobalFlags, GetCPInfo, GetOEMCP, WriteFile, SetFilePointer, FlushFileBuffers, GetCurrentProcess, ExitProcess, RtlUnwind, HeapAlloc, HeapFree, GetStartupInfoA, GetSystemTimeAsFileTime, RaiseException, HeapReAlloc, HeapSize, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetTimeZoneInformation, SetUnhandledExceptionFilter, VirtualProtect, GetSystemInfo, VirtualQuery, IsBadReadPtr, IsBadCodePtr, SetStdHandle, SetEnvironmentVariableA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LoadLibraryA, FreeLibrary, lstrcmpW, lstrcmpA, InterlockedIncrement, InterlockedDecrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, SetErrorMode, GetProcAddress, lstrcpyA, lstrcatA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, lstrcpynA, WaitForMultipleObjects, CreateMutexA, ReleaseMutex, WaitForSingleObjectEx, GetTickCount, GetCurrentThreadId, WaitForMultipleObjectsEx, ResetEvent, lstrcmpiA, CompareStringW, CompareStringA, GetVersion, MultiByteToWideChar, Sleep, TerminateThread, ExitThread, SuspendThread, ResumeThread, FormatMessageA, GetCommandLineA, OutputDebugStringA, CreateThread, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, SetEvent, WaitForSingleObject, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, LocalAlloc, LocalFree, lstrlenA, SetLastError, GetVersionExA, QueryDosDeviceA, GetLastError, DefineDosDeviceA, CreateEventA, CloseHandle, CreateFileA, GetModuleHandleA, GetModuleFileNameA, GetShortPathNameA, GetSystemDirectoryA
> USER32.dll: DestroyMenu, SetMenuItemBitmaps, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, ClientToScreen, SetWindowTextA, ValidateRect, RegisterWindowMessageA, WinHelpA, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassInfoExA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetFocus, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, TabbedTextOutA, GetMessagePos, LoadIconA, MapWindowPoints, GetKeyState, SetForegroundWindow, GetClientRect, GetMenu, AdjustWindowRectEx, DrawTextA, DrawTextExA, GrayStringA, SetTimer, GetClassInfoA, UnregisterClassA, GetDlgCtrlID, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, GetWindowTextA, SendMessageA, MessageBoxA, GetParent, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, LoadCursorA, GetSystemMetrics, GetMessageTime, KillTimer, DefWindowProcA, PostQuitMessage, ShowWindow, CreateWindowExA, RegisterClassA, WaitMessage, TranslateMessage, PeekMessageA, DispatchMessageA, FindWindowA, PostMessageA, wvsprintfA, wsprintfA, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, UnhookWindowsHookEx, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu
> GDI32.dll: GetStockObject, DeleteDC, SetMapMode, RestoreDC, SaveDC, ExtTextOutA, CreateBitmap, DeleteObject, SetBkColor, SetTextColor, GetClipBox, GetDeviceCaps, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape,
+TextOutA, RectVisible, PtVisible
> WINSPOOL.DRV: OpenPrinterA, ClosePrinter, DocumentPropertiesA
> ADVAPI32.dll: RegCloseKey, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, RegOpenKeyExA, RegQueryValueExA, CryptGenRandom, CryptAcquireContextA, CryptReleaseContext, StartServiceCtrlDispatcherA, OpenServiceA, ControlService, QueryServiceStatus, DeleteService, OpenSCManagerA, CreateServiceA, CloseServiceHandle, RegisterServiceCtrlHandlerA, SetServiceStatus
> COMCTL32.dll: -
> SHLWAPI.dll: PathFindExtensionA, PathFindFileNameA
> OLEAUT32.dll: -, -, -
> OLEACC.dll: CreateStdAccessibleObject, LresultFromObject

( 0 exports )



ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Plus de fenêtres intempestives Internet Explorer
Plus de fenêtres d'Erreur d'applications...(lors du démarrage du pc)
Plus de trace d'Antivirus XP 2008 dans le panneau de configuration
La bureau à retrouver une apparente stabilité
Me laisse une période de "rodage" pour avis ferme et définitif pour éventuelles séquelles

Te remercie de ta patience, ta compétence et de ton abnégation

Salutation
Sandromaniac