Your question

Need a cleanup: Trojan Zlob.ZWU + Zlob.IC + Vundo.BY

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
30 June 2008 04:21:04

Good morning!

Windows Defender is telling me that I have 3 Trojans: two TrojanDownloaders (Zlob being their family name, apparently) and one Vundo.

If someone could give me a nice solution :)

Here is the HijackThis report (I have already tried deleting files but they reappear)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:55:47, on 30/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\Atwtusb.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S3B5A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vTLdbBuv.dll,#1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [400cab12] rundll32.exe "C:\Windows\system32\lwnsbavi.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [400cab12] rundll32.exe "C:\Windows\system32\lwnsbavi.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Elsa\AppData\Local\Temp\xxywTJBT.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C1538A8-A1FA-4D89-81B3-6E0304E49140}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--


and here is the AntiVir report as well

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 08:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 07:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 07:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 07:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 22:46:11
ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 22:46:11
ANTIVIR3.VDF : 7.0.5.19 139264 Bytes 29/06/2008 22:46:12
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 08:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 29/06/2008 22:46:24
AESCN.DLL : 8.1.0.22 119157 Bytes 29/06/2008 22:46:23
AERDL.DLL : 8.1.0.20 418165 Bytes 29/06/2008 22:46:22
AEPACK.DLL : 8.1.1.6 364918 Bytes 29/06/2008 22:46:21
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 29/06/2008 22:46:20
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 29/06/2008 22:46:18
AEHELP.DLL : 8.1.0.15 115063 Bytes 29/06/2008 22:46:17
AEGEN.DLL : 8.1.0.29 307573 Bytes 29/06/2008 22:46:16
AEEMU.DLL : 8.1.0.6 430451 Bytes 29/06/2008 22:46:15
AECORE.DLL : 8.1.0.31 168310 Bytes 29/06/2008 22:46:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 16:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 09:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 16:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 07:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 07:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 16:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 16:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 11:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 13:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 11:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 30 juin 2008 02:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'aswclear.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'Atwtusb.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
62 processes with 62 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Elsa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHPATJ5K\file[1].exe
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.CV
[NOTE] The file was deleted!
C:\Users\Elsa\AppData\Local\Temp\atmadm2.exe
[DETECTION] Contains detection pattern of the rootkit RKIT/Clbd.CV
[NOTE] The file was deleted!
C:\Users\Elsa\AppData\Local\Temp\vista_sp1.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
Begin scan in 'D:\' <RECOVERY>


End of the scan: lundi 30 juin 2008 04:19
Used time: 2:07:45 min

The scan has been done completely.

18498 Scanning directories
323373 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
323370 Files not concerned
1283 Archives were scanned
2 Warnings
3 Notes



Thanks a lot!


30 June 2008 10:16:36

:hello: Hello,

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the Use User Account Control ... box and confirm with OK; you will be asked to restart, do so)

Download Combofix from **HERE** or **HERE** and save it to your desktop.

**Note 1: If you already have a version of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename Combofix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all resident protection in all your antivirus, antispyware, etc. software so that it does not interfere with Combofix running properly.
    Very important: Temporarily disable all resident protection in all your security software before launching a scan with Combofix. It could disrupt the Combofix scan, which could have unforeseen and disastrous consequences.
  • Click this link to see a list of programs that should always be disabled before using Combofix. Note that the list is not exhaustive. If your security software is not on this list and you do not know how to disable it, or you do not understand English :p , please ask me.
  • WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until Combofix has finished its work.
  • If you can no longer connect to the internet after using Combofix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the on-screen instructions.
  • When the scan is finished, a report should normally appear on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, along with a new HijackThis report.

**Note 2: Do not click in the Combofix window while it is working. You could crash the PC and cause serious damage.**

;)
30 June 2008 10:42:17

Fix these lines with HijackThis:

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vTLdbBuv.dll,#1

    O4 - HKLM\..\Run: [400cab12] rundll32.exe "C:\Windows\system32\lwnsbavi.dll",b

    O4 - HKCU\..\Run: [400cab12] rundll32.exe "C:\Windows\system32\lwnsbavi.dll",b

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Elsa\AppData\Local\Temp\xxywTJBT.dll,#1

    O4 - Global Startup: QuickSet.lnk = ?
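
The rundll32 autostart lines singled out in the reply above can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis or ComboFix code: it parses `O4` Run entries and flags rundll32-launched DLLs using three heuristics that are assumptions chosen here (export called by ordinal or by a single character, DLL under a Temp directory, same value name in several hives). A flag is a reason to inspect the file, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vTLdbBuv.dll,#1
O4 - HKLM\..\Run: [400cab12] rundll32.exe "C:\Windows\system32\lwnsbavi.dll",b
O4 - HKCU\..\Run: [400cab12] rundll32.exe "C:\Windows\system32\lwnsbavi.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Elsa\AppData\Local\Temp\xxywTJBT.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: QuickSet.lnk = ?
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# rundll32 command line: optional quotes around the DLL, then ",<export>"
RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_run_entries(log_text):
    """Return one dict per O4 Run entry whose command is a rundll32 call."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Global Startup shortcuts)
        r = RUNDLL.match(m["cmd"])
        if r:
            entries.append({
                "hive": m["hive"],
                "name": m["name"],
                "dll": r["dll"].strip(),
                "export": r["export"],
            })
    return entries


def triage(log_text):
    """Flag rundll32 Run entries that match at least one heuristic."""
    entries = parse_run_entries(log_text)

    # Track which hives each value name appears in.
    hives_by_name = defaultdict(set)
    for e in entries:
        hives_by_name[e["name"]].add(e["hive"])

    findings = []
    for e in entries:
        reasons = []
        if e["export"].startswith("#"):
            reasons.append("export called by ordinal")
        elif len(e["export"]) == 1:
            reasons.append("single-character export name")
        if "\\temp\\" in e["dll"].lower():
            reasons.append("DLL loaded from a Temp directory")
        if len(hives_by_name[e["name"]]) > 1:
            reasons.append("same value name in several hives")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] {f['dll']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```
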



30 June 2008 10:50:04

bilox2000,

Can you stop squatting my disinfections? :o

Thanks.
30 June 2008 10:57:40

What?

Is this competition or help?

30 June 2008 10:59:46

Re,

I refer you to the forum rules.

Next, you are not in a position to help users.

If you think you can get rid of a Vundo/Virtumonde trojan, that proves you don't know much about it :)

What matters above all is the user's satisfaction and the quality of the information/instructions we give them. It's one "helper" per thread, not two, otherwise it gets in the way of the disinfections running smoothly.

:)
30 June 2008 11:03:41

OK for one helper per thread.

Good luck with the rest.

30 June 2008 16:08:19

Phew, I had a hard time, but here are the reports:

ComboFix:


    ComboFix 08-06-20.4 - 2008-06-30 15:23:39.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1366 [GMT 3:00]
    Endroit: C:\Users/Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\SW_Win2146X32.DLL
    C:\Windows\system32\afcwiuow.ini
    C:\Windows\System32\BJRYceLm.ini
    C:\Windows\System32\BJRYceLm.ini2
    C:\Windows\system32\ivabsnwl.ini
    C:\Windows\System32\kUFfihQr.ini
    C:\Windows\System32\kUFfihQr.ini2
    C:\Windows\system32\mLecYRJB.dll
    C:\Windows\System32\NpYJRqss.ini
    C:\Windows\System32\NpYJRqss.ini2
    C:\Windows\system32\ocvqbidp.ini
    C:\Windows\system32\rQhifFUk.dll
    C:\Windows\system32\ssqRJYpN.dll
    C:\Windows\system32\vsanbpoe.ini
    C:\Windows\system32\x64

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 12:21 91,520 ----a-w C:\Windows\System32\pdibqvco.dll
    2008-06-29 22:42 --------- d-----w C:\ProgramData\Avira
    2008-06-29 22:42 --------- d-----w C:\Program Files\Avira
    2008-06-29 21:25 317,632 ----a-w C:\Windows\System32\tuvTmKee.dll
    2008-06-29 21:18 28,800 ----a-w C:\Windows\System32\khfGwUmn.dll
    2008-06-29 21:18 28,800 ----a-w C:\Windows\System32\byXQICVm.dll
    2008-06-29 21:03 --------- d-----w C:\Users\Elsa\AppData\Roaming\Azureus
    2008-06-29 20:26 --------- d-----w C:\ProgramData\FLEXnet
    2008-06-29 20:07 --------- d-----w C:\ProgramData\ALM
    2008-06-29 20:05 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-29 20:05 --------- d-----w C:\Program Files\Bonjour
    2008-06-29 19:49 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-06-29 19:07 --------- d-----w C:\Program Files\PowerISO
    2008-06-29 16:00 --------- d-----w C:\Program Files\Azureus
    2008-06-29 15:48 --------- d-----w C:\ProgramData\Azureus
    2008-06-29 08:49 311,296 ----a-w C:\Windows\pntqkflv.dll
    2008-06-29 08:49 249,856 ----a-w C:\Windows\qegbdmwf.dll
    2008-06-18 13:20 --------- d-----w C:\Program Files\USB Tablet
    2008-06-18 04:07 --------- d--h--w C:\ProgramData\CanonBJ
    2008-06-17 20:13 --------- d-----w C:\Program Files\Softinterface, Inc
    2008-06-12 06:28 56,108 ----a-w C:\Windows\system32\drivers\scdemu.sys
    2008-06-09 01:46 --------- d-----w C:\ProgramData\Roxio
    2008-06-02 15:48 --------- d-----w C:\Users\AppData\Roaming\Samsung
    2008-06-02 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 14:01 --------- d-----w C:\Program Files\Samsung
    2008-06-02 12:15 1,650,688 ----a-w C:\Windows\System32\beconvlib.dll
    2008-05-23 08:45 126,976 ----a-w C:\Windows\System32\beconv.dll
    2008-05-16 14:45 558 ----a-w C:\Users\AppData\Roaming\wklnhst.dat
    2008-05-15 13:32 --------- d-----w C:\ProgramData\Macrovision
    2008-05-15 13:10 --------- d-----w C:\Program Files\CyberLink
    2008-05-15 13:08 --------- d-----w C:\Program Files\EPSON
    2008-05-15 12:59 --------- d-----w C:\ProgramData\Skype
    2008-05-15 12:49 --------- d-----w C:\ProgramData\eMule
    2008-05-15 12:31 --------- d-----w C:\Users\AppData\Roaming\skypePM
    2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 07:36 98,304 ----a-w C:\Windows\System32\DVM.dll
    2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-04-14 11:01 765,952 ----a-w C:\Windows\System32\tx14.dll
    2008-04-14 02:20 557,056 ----a-w C:\Windows\System32\tx14_rtf.dll
    2008-04-13 23:05 331,776 ----a-w C:\Windows\System32\tx14_css.dll
    2008-04-13 22:00 1,052,672 ----a-w C:\Windows\System32\tx14_dox.dll
    2008-04-08 02:10 667,648 ----a-w C:\Windows\System32\tx14_doc.dll
    2008-04-06 23:36 249,856 ----a-w C:\Windows\System32\tx14_htm.dll
    2008-04-03 22:22 618,496 ----a-w C:\Windows\System32\tx14_pdf.dll
    2008-01-14 19:49 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-14 19:49 32 ----a-w C:\ProgramData\ezsid.dat
    2006-11-02 12:48 174 --sha-w C:\Program Files\desktop.ini
    2008-02-13 22:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-02-13 22:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-02-13 22:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-20 00:32 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:34 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 02:52 815104]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-15 21:08 98304]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-15 21:07 106496]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-15 21:07 81920]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-14 14:25 77824]
    "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 08:11 303104 C:\Windows\sttray.exe]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-28 02:15 1540096]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 13:50 17920]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 14:43 1862144]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 20:16 184320]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 12:45 222208]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
    "atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\Windows\System32\Atwtusb.exe]
    "TrustInstaller"="E:\Setup.exe" [ ]
    "400cab12"="C:\Windows\system32\pdibqvco.dll" [2008-06-30 15:21 91520]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-14 14:31:19 50688]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-14 14:28:06 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E55E1C86-434D-46F9-A253-2DE4AB3F9734}"= C:\Windows\system32\byXQICVm.dll [2008-06-30 00:18 28800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D78 Series]
    --a------ 2006-02-23 07:00 131072 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-06-16 11:52 167936 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-08-14 22:03 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{048426F8-E150-4961-AB22-8E0A05CE06E9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{A257E848-CC60-4455-AAA0-788077BF8226}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{3C682671-8446-43F4-B083-93AE79DFE6B4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{40E42404-C386-4B4D-8640-272338E69562}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
    "UDP Query User{D38A669F-77E3-4481-8738-6B0A1A36C4E6}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
    "TCP Query User{E92106CA-F4F8-44CB-B260-679E7FBCC7F1}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "UDP Query User{1258D982-34E3-4406-BC60-460E413FA9EF}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "TCP Query User{F56A1431-200D-4353-80E2-023B98AC1F43}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "UDP Query User{80D23B9C-40B2-43E4-B795-9975683D338F}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "TCP Query User{E4F3747E-90AD-40BF-AD47-2AC6481068EA}C:\\program files\\emule\\emule.exe"= Disabled:UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{1BBAEF6B-F15F-491C-A090-EF997E6C3FF0}C:\\program files\\emule\\emule.exe"= Disabled:TCP:C:\program files\emule\emule.exe:eMule
    "{00BACF7D-3994-4888-B96D-FD4D5C612B9B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{44F3FD94-3DEA-49DB-B645-B3BA1770AB3C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{72C3719E-20E2-4A7E-BE36-046782C990A5}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{B814D1D3-E11A-4EE8-B46D-4B343245F07C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{392E828E-35E6-439F-8711-ED05CE6DEF21}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{E1DFCE81-887E-4E6F-918A-84B36E6D1D84}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-15 21:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-30 15:35:55
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\BCMWLTRY.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-30 15:47:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-30 12:47:03

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    190 --- E O F --- 2008-06-26 12:12:13



    and the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:58:42, on 30/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\System32\Atwtusb.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Users\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S3B5A.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C1538A8-A1FA-4D89-81B3-6E0304E49140}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8324 bytes



    30 June 2008 17:46:07

    :hello: 

    Disable all resident protection (antivirus…)! <------- Don't forget!

    Copy the text in the box below: (Ctrl + C)

    Quote:
    File::
    C:\Windows\System32\pdibqvco.dll
    C:\Windows\System32\tuvTmKee.dll
    C:\Windows\System32\khfGwUmn.dll
    C:\Windows\System32\byXQICVm.dll
    C:\Windows\pntqkflv.dll
    C:\Windows\qegbdmwf.dll

    FileLook::
    C:\Windows\System32\ieUnatt.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "400cab12"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E55E1C86-434D-46F9-A253-2DE4AB3F9734}"=-


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files !!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will restart ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: that is normal!
    * Don't touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy/paste its contents on the forum.
    If the file does not open, it is located here: C:\ComboFix.txt
    * Post a new HijackThis report.

    ;) 
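A check that can be run on the report that comes back from this script, as an added example that is not part of the original post or of ComboFix: it parses the CFScript sections and lists the `File::` entries that the report's deletion section does not mention. The function names, the report excerpt (constructed here in ComboFix's banner layout) and the French banner title used as the default are assumptions of this example.

```python
import re

# Constructed sample input: the CFScript text from the post above.
CFSCRIPT = r"""File::
C:\Windows\System32\pdibqvco.dll
C:\Windows\System32\tuvTmKee.dll
C:\Windows\System32\khfGwUmn.dll
C:\Windows\System32\byXQICVm.dll
C:\Windows\pntqkflv.dll
C:\Windows\qegbdmwf.dll

FileLook::
C:\Windows\System32\ieUnatt.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"400cab12"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E55E1C86-434D-46F9-A253-2DE4AB3F9734}"=-
"""

# Constructed sample report excerpt (banner layout as printed by ComboFix).
REPORT = r"""FILE ::
C:\Windows\pntqkflv.dll
.

(((((((((((((((((( Autres suppressions ))))))))))))))))))
.

C:\Windows\pntqkflv.dll
C:\Windows\qegbdmwf.dll
C:\Windows\System32\byXQICVm.dll
C:\Windows\System32\khfGwUmn.dll
C:\Windows\System32\tuvTmKee.dll

.
(((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))
.
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::", "Registry::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")    # e.g. "((( title )))"


def parse_cfscript(text):
    """Split a CFScript into {directive_lowercase: [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(lines):
    """Return (key, value_name) pairs for .reg-style '"name"=-' lines."""
    out, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry paths are case-insensitive
        else:
            m = re.fullmatch(r'"(.+)"=-', line)
            if m and key:
                out.append((key, m.group(1)))
    return out


def report_sections(text):
    """Group report lines under the parenthesised banner that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def undeleted(cfscript, report, banner="Autres suppressions"):
    """File:: entries the report does not list as deleted (case-insensitive)."""
    requested = parse_cfscript(cfscript).get("file", [])
    deleted = {p.lower() for p in report_sections(report).get(banner, [])}
    return [p for p in requested if p.lower() not in deleted]


if __name__ == "__main__":
    for path in undeleted(CFSCRIPT, REPORT):
        print("not reported as deleted, check manually:", path)
    for key, name in registry_deletions(parse_cfscript(CFSCRIPT)["registry"]):
        print("value to confirm gone:", key, "->", name)
```

The banner title is localized, so pass the title that appears in the report being checked.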
    30 June 2008 18:29:55

    done

    ComboFix report:


    ComboFix 08-06-20.4 - Elsa 2008-06-30 19:13:52.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1416 [GMT 3:00]
    Endroit: C:\Users\\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\pntqkflv.dll
    C:\Windows\qegbdmwf.dll
    C:\Windows\System32\byXQICVm.dll
    C:\Windows\System32\khfGwUmn.dll
    C:\Windows\System32\pdibqvco.dll
    C:\Windows\System32\tuvTmKee.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\pntqkflv.dll
    C:\Windows\qegbdmwf.dll
    C:\Windows\System32\byXQICVm.dll
    C:\Windows\System32\khfGwUmn.dll
    C:\Windows\System32\tuvTmKee.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 22:42 --------- d-----w C:\ProgramData\Avira
    2008-06-29 22:42 --------- d-----w C:\Program Files\Avira
    2008-06-29 21:03 --------- d-----w C:\Users\AppData\Roaming\Azureus
    2008-06-29 20:26 --------- d-----w C:\ProgramData\FLEXnet
    2008-06-29 20:07 --------- d-----w C:\ProgramData\ALM
    2008-06-29 20:05 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-29 20:05 --------- d-----w C:\Program Files\Bonjour
    2008-06-29 19:49 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-06-29 19:07 --------- d-----w C:\Program Files\PowerISO
    2008-06-29 16:00 --------- d-----w C:\Program Files\Azureus
    2008-06-29 15:48 --------- d-----w C:\ProgramData\Azureus
    2008-06-18 13:20 --------- d-----w C:\Program Files\USB Tablet
    2008-06-18 04:07 --------- d--h--w C:\ProgramData\CanonBJ
    2008-06-17 20:13 --------- d-----w C:\Program Files\Softinterface, Inc
    2008-06-12 06:28 56,108 ----a-w C:\Windows\system32\drivers\scdemu.sys
    2008-06-09 01:46 --------- d-----w C:\ProgramData\Roxio
    2008-06-02 15:48 --------- d-----w C:\Users\AppData\Roaming\Samsung
    2008-06-02 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-02 14:01 --------- d-----w C:\Program Files\Samsung
    2008-06-02 12:15 1,650,688 ----a-w C:\Windows\System32\beconvlib.dll
    2008-05-23 08:45 126,976 ----a-w C:\Windows\System32\beconv.dll
    2008-05-16 14:45 558 ----a-w C:\Users\AppData\Roaming\wklnhst.dat
    2008-05-15 13:32 --------- d-----w C:\ProgramData\Macrovision
    2008-05-15 13:10 --------- d-----w C:\Program Files\CyberLink
    2008-05-15 13:08 --------- d-----w C:\Program Files\EPSON
    2008-05-15 12:59 --------- d-----w C:\ProgramData\Skype
    2008-05-15 12:49 --------- d-----w C:\ProgramData\eMule
    2008-05-15 12:31 --------- d-----w C:\Users\AppData\Roaming\skypePM
    2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 07:36 98,304 ----a-w C:\Windows\System32\DVM.dll
    2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-04-14 11:01 765,952 ----a-w C:\Windows\System32\tx14.dll
    2008-04-14 02:20 557,056 ----a-w C:\Windows\System32\tx14_rtf.dll
    2008-04-13 23:05 331,776 ----a-w C:\Windows\System32\tx14_css.dll
    2008-04-13 22:00 1,052,672 ----a-w C:\Windows\System32\tx14_dox.dll
    2008-04-08 02:10 667,648 ----a-w C:\Windows\System32\tx14_doc.dll
    2008-04-06 23:36 249,856 ----a-w C:\Windows\System32\tx14_htm.dll
    2008-04-03 22:22 618,496 ----a-w C:\Windows\System32\tx14_pdf.dll
    2008-01-14 19:49 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-14 19:49 32 ----a-w C:\ProgramData\ezsid.dat
    2006-11-02 12:48 174 --sha-w C:\Program Files\desktop.ini
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ---- C:\Windows\System32\ieUnatt.exe ----
    Company: Microsoft Corporation
    File Description: IE 7.0 Unattended Install Utility
    File Version: 7.00.6000.16681 (vista_gdr.080424-1548)
    Product Name: Windows© Internet Explorer
    Copyright: © Microsoft Corporation. All rights reserved.
    Original file name: IEUNATT.EXE
    MD5: 9e17b707ca096d35e1f768dc6b7612f8


    ((((((((((((((((((((((((((((( snapshot@2008-06-30_15.46.15.86 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-30 12:34:37 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-30 16:08:11 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-30 16:08:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-30 16:08:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-02-13 22:10:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-30 13:37:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-02-13 22:10:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-30 13:37:43 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-02-13 22:10:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-30 13:37:43 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-30 12:35:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-30 16:10:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-30 16:10:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-30 12:35:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-30 16:18:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-30 16:18:31 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-30 12:22:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-30 15:58:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-30 12:22:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-30 15:58:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-30 12:22:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-30 15:58:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-25 08:26:19 100,232 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-30 13:33:44 103,924 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-25 08:26:19 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-30 13:33:44 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-25 08:26:19 606,450 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-30 13:33:44 610,142 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-25 08:26:19 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-30 13:33:44 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-06-30 12:18:39 11,162 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1854201790-3337289503-2259318210-1000_UserData.bin
    + 2008-06-30 16:10:46 11,806 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1854201790-3337289503-2259318210-1000_UserData.bin
    - 2008-06-30 12:18:39 62,380 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-30 16:10:45 62,922 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-30 12:18:36 49,428 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-30 16:10:43 49,770 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-20 00:32 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:34 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 02:52 815104]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-15 21:08 98304]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-15 21:07 106496]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-15 21:07 81920]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-14 14:25 77824]
    "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 08:11 303104 C:\Windows\sttray.exe]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-28 02:15 1540096]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 13:50 17920]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 14:43 1862144]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 20:16 184320]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
    "atwtusb"="atwtusb.exe" [2001-08-20 18:48 167936 C:\Windows\System32\Atwtusb.exe]
    "TrustInstaller"="E:\Setup.exe" [ ]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 12:45 222208]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-14 14:31:19 50688]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-14 14:28:06 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    --a------ 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D78 Series]
    --a------ 2006-02-23 07:00 131072 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-06-16 11:52 167936 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-08-14 22:03 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{048426F8-E150-4961-AB22-8E0A05CE06E9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{A257E848-CC60-4455-AAA0-788077BF8226}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{3C682671-8446-43F4-B083-93AE79DFE6B4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{40E42404-C386-4B4D-8640-272338E69562}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
    "UDP Query User{D38A669F-77E3-4481-8738-6B0A1A36C4E6}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
    "TCP Query User{E92106CA-F4F8-44CB-B260-679E7FBCC7F1}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "UDP Query User{1258D982-34E3-4406-BC60-460E413FA9EF}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "TCP Query User{F56A1431-200D-4353-80E2-023B98AC1F43}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "UDP Query User{80D23B9C-40B2-43E4-B795-9975683D338F}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
    "TCP Query User{E4F3747E-90AD-40BF-AD47-2AC6481068EA}C:\\program files\\emule\\emule.exe"= Disabled:UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{1BBAEF6B-F15F-491C-A090-EF997E6C3FF0}C:\\program files\\emule\\emule.exe"= Disabled:TCP:C:\program files\emule\emule.exe:eMule
    "{00BACF7D-3994-4888-B96D-FD4D5C612B9B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{44F3FD94-3DEA-49DB-B645-B3BA1770AB3C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{72C3719E-20E2-4A7E-BE36-046782C990A5}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{B814D1D3-E11A-4EE8-B46D-4B343245F07C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{392E828E-35E6-439F-8711-ED05CE6DEF21}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{E1DFCE81-887E-4E6F-918A-84B36E6D1D84}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "{9955594B-8DB8-4BFF-838E-CC33423F9C02}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{E59B06A8-0122-4B0A-B5A3-BEACCCCE2106}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-15 21:07]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 10:36]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
    S3 utblfilt;utblfilt;C:\Windows\system32\drivers\utblfilt.sys [2001-05-23 11:42]
    S3 wampapache;wampapache;"C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-30 19:18:49
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-30 19:21:14
    ComboFix-quarantined-files.txt 2008-06-30 16:20:09

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    212 --- E O F --- 2008-06-26 12:12:13




    HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23:35, on 30/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C1538A8-A1FA-4D89-81B3-6E0304E49140}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7497 bytes

    30 June 2008 18:47:13

    Re,

    You are infected with "Vundo". Delete all cracks from your PC if any are present, because otherwise they will restart the infection.

    I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.

    ***

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    30 June 2008 20:18:41

    here's the report:


    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 899
    Windows 6.0.6000

    21:07:32 30/06/2008
    mbam-log-6-30-2008 (21-07-32).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 145895
    Temps écoulé: 34 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Windows\pntqkflv.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
    30 June 2008 21:54:21

    Re,

    Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Warning: if you take too long, the Abort answer will be selected automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is a repeat use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security adviser. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

    ;) 
    30 June 2008 22:50:21

    well, that makes a lot of lines

    main.txt:


    Deckard's System Scanner v20071014.68
    Run on 2008-06-30 23:30:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 3 Restore Point(s) --
    3: 2008-06-30 16:13:02 UTC - RP300 - ComboFix created restore point
    2: 2008-06-30 12:22:06 UTC - RP299 - ComboFix created restore point
    1: 2008-06-29 22:48:38 UTC - RP298 - Last known good configuration


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:32:51, on 30/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\System32\Atwtusb.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\Users\Desktop\Elsa.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
    O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S3B5A.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C1538A8-A1FA-4D89-81B3-6E0304E49140}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7527 bytes

    -- HijackThis Fixed Entries (C:\Users\Desktop\backups\) -------------------

    backup-20080630-221546-859 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 StarOpen - c:\windows\system32\drivers\staropen.sys

    S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
    S3 utblfilt - c:\windows\system32\drivers\utblfilt.sys <Not Verified; Aiptek; >


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

    S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
    S3 wampapache - "c:\program files\wamp\apache2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
    S3 wampmysqld - "c:\program files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=c:\program files\wamp\mysql\my.ini" wampmysqld
    S4 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-05-30 and 2008-06-30 -----------------------------

    2008-06-30 20:31:25 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-30 20:31:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-30 15:21:38 68096 --a------ C:\Windows\zip.exe
    2008-06-30 15:21:38 49152 --a------ C:\Windows\VFind.exe
    2008-06-30 15:21:38 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-30 15:21:38 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-30 15:21:38 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-30 15:21:38 98816 --a------ C:\Windows\sed.exe
    2008-06-30 15:21:38 80412 --a------ C:\Windows\grep.exe
    2008-06-30 15:21:38 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-30 15:02:55 0 d-------- C:\327882R2FWJFW
    2008-06-30 14:36:01 0 d-------- C:\Windows\pss
    2008-06-30 01:42:40 0 d-------- C:\Users\All Users\Avira
    2008-06-30 01:42:40 0 d-------- C:\Program Files\Avira
    2008-06-30 00:42:02 0 d-------- C:\VundoFix Backups
    2008-06-29 23:26:31 0 d-------- C:\Users\All Users\FLEXnet
    2008-06-29 23:07:22 0 d-------- C:\Users\All Users\ALM
    2008-06-29 23:05:20 0 d-------- C:\Program Files\Bonjour
    2008-06-29 22:49:36 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-06-29 22:07:53 0 d-------- C:\Program Files\PowerISO
    2008-06-29 18:48:33 0 d-------- C:\Users\All Users\Azureus
    2008-06-29 18:39:43 0 d-------- C:\Program Files\Azureus
    2008-06-18 17:35:20 49152 --a------ C:\Windows\system32\tblmouse.exe <Not Verified; ; Tblmouse>
    2008-06-18 17:35:16 167936 --a------ C:\Windows\system32\Atwtusb.exe <Not Verified; Aiptek; Tablet HID>
    2008-06-18 16:20:36 57344 --a------ C:\Windows\system32\wintab32.dll <Not Verified; Aiptek; Aiptek wintab32>
    2008-06-18 16:20:36 12084 --a------ C:\Windows\system32\drivers\UTBLFILT.sys <Not Verified; Aiptek; >
    2008-06-18 16:20:35 36864 --a------ C:\Windows\system32\utblfilt.dll <Not Verified; Aiptek; USB Tablet>
    2008-06-18 16:20:35 860160 --a------ C:\Windows\system32\TblRes.dll <Not Verified; Aiptek; Aiptek TblRes>
    2008-06-18 16:20:35 45056 --a------ C:\Windows\system32\Tblfunc.dll <Not Verified; aiptek; aiptek tblfunc>
    2008-06-18 16:20:35 49152 --a------ C:\Windows\system32\Funckey.dll <Not Verified; ; Funckey>
    2008-06-18 16:20:35 0 d-------- C:\Program Files\USB Tablet
    2008-06-18 07:07:32 0 d--h----- C:\Users\All Users\CanonBJ
    2008-06-17 23:13:38 0 d-------- C:\Windows\system32\Resource
    2008-06-17 23:13:37 131072 --a------ C:\Windows\system32\CSVSpecialProcessing.dll
    2008-06-17 23:13:37 204800 --a------ C:\Windows\system32\bprgcomm.dll <Not Verified; ; bprgcomm Dynamic Link Library>
    2008-06-17 23:13:37 1650688 --a------ C:\Windows\system32\beconvlib.dll <Not Verified; ; easyConverter Dynamic Link Library>
    2008-06-17 23:13:37 126976 --a------ C:\Windows\system32\beconv.dll <Not Verified; BCL Technologies; BCL easyConverter SDK>
    2008-06-17 23:13:36 618496 --a------ C:\Windows\system32\tx14_pdf.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:36 1052672 --a------ C:\Windows\system32\tx14_dox.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:36 667648 --a------ C:\Windows\system32\tx14_doc.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:36 331776 --a------ C:\Windows\system32\tx14_css.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 65536 --a------ C:\Windows\system32\tx14_wnd.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 557056 --a------ C:\Windows\system32\tx14_rtf.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 327680 --a------ C:\Windows\system32\tx14_obj.dll <Not Verified; The Imaging Source Europe GmbH; TX Text-Control>
    2008-06-17 23:13:35 131072 --a------ C:\Windows\system32\tx14_ic.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 249856 --a------ C:\Windows\system32\tx14_htm.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:34 217088 --a------ C:\Windows\system32\tx14_tls.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:34 765952 --a------ C:\Windows\system32\tx14.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:34 221184 --a------ C:\Windows\system32\SII_PDF.dll
    2008-06-17 23:13:34 102400 --a------ C:\Windows\system32\SARzilla.dll
    2008-06-17 23:13:34 98304 --a------ C:\Windows\system32\DVM.dll
    2008-06-17 23:13:33 53248 --a------ C:\Windows\system32\RegisterExe.exe <Not Verified; ; RegisterExe Application>
    2008-06-17 23:13:29 0 d-------- C:\Program Files\Softinterface, Inc
    2008-06-16 21:20:15 304128 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-06-16 21:20:07 0 -rahs---- C:\MSDOS.SYS
    2008-06-16 21:20:07 0 -rahs---- C:\IO.SYS
    2008-06-12 09:28:49 56108 --a------ C:\Windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    2008-06-02 21:33:30 16384 --a------ C:\Windows\system32\FileOps.exe
    2008-06-02 21:33:14 0 d-------- C:\Windows\system32\Adobe
    2008-06-02 18:47:25 174592 --a------ C:\Windows\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-02 18:46:25 5632 --a------ C:\Windows\system32\drivers\StarOpen.sys
    2008-06-02 17:02:00 0 d-------- C:\Windows\system32\Samsung_USB_Drivers
    2008-06-02 17:01:48 0 d-------- C:\Program Files\Samsung


    -- Find3M Report ---------------------------------------------------------------

    2008-06-30 20:31:27 0 d-------- C:\Users\AppData\Roaming\Malwarebytes
    2008-06-30 20:01:03 0 d-------- C:\Users\AppData\Roaming\Adobe
    2008-06-30 16:33:44 690832 --a------ C:\Windows\system32\perfh00C.dat
    2008-06-30 16:33:44 117572 --a------ C:\Windows\system32\perfc00C.dat
    2008-06-30 00:03:32 0 d-------- C:\Users\Elsa\AppData\Roaming\Azureus
    2008-06-29 23:05:13 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-29 22:49:36 0 d-------- C:\Program Files\Common Files
    2008-06-02 18:48:42 0 d-------- C:\Users\AppData\Roaming\Samsung
    2008-06-02 18:45:50 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-16 17:45:28 558 --a------ C:\Users\AppData\Roaming\wklnhst.dat
    2008-05-15 16:10:18 0 d-------- C:\Program Files\CyberLink
    2008-05-15 16:08:46 0 d-------- C:\Program Files\EPSON
    2008-05-15 15:31:46 0 d-------- C:\Users\AppData\Roaming\skypePM


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/11/2006 02:52]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [15/11/2006 21:08]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [15/11/2006 21:07]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [15/11/2006 21:07]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [14/08/2007 14:25]
    "SigmatelSysTrayApp"="sttray.exe" [08/02/2007 08:11 C:\Windows\sttray.exe]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [28/11/2006 02:15]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 13:37]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [16/03/2007 13:50]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [14/08/2007 14:43]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [02/05/2007 20:16]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 21:16]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 13:22]
    "atwtusb"="atwtusb.exe" [20/08/2001 18:48 C:\Windows\System32\Atwtusb.exe]
    "TrustInstaller"="E:\Setup.exe" []
    "EPSON Stylus D78 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.exe" [23/02/2006 07:00]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 12:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [20/09/2007 00:32]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 15:34]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [14/08/2007 14:31:19]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [14/08/2007 14:28:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
    LocalServiceNoNetwork PLA DPS BFE mpssvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-30 23:37:59 ------------




    extra.txt


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Édition Familiale Basique (build 6000)
    Architecture: X86; Language: French

    CPU 0: Genuine Intel(R) CPU T2080 @ 1.73GHz
    Percentage of Memory in Use: 29%
    Physical Memory (total/avail): 2037.82 MiB / 1427.21 MiB
    Pagefile Memory (total/avail): 4291.94 MiB / 3592.24 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1928.12 MiB

    C: is Fixed (NTFS) - 99.7 GiB total, 29.6 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 6.88 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST9120822AS ATA Device - 111.79 GiB - 4 partitions
    \PARTITION0 - Unknown - 86.26 MiB
    \PARTITION1 - Système de fichiers installable - 10 GiB - D:
    \PARTITION2 (bootable) - Système de fichiers installable - 99.7 GiB - C:
    \PARTITION3 - Étendu avec Inter. 13 étendue - 2048 MiB



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is enabled.

    AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users
    LOCALAPPDATA=C:\Users\AppData\Local
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0e0c
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
    RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\AppData\Local\Temp
    TMP=C:\Users\AppData\Local\Temp
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
    Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    Adobe Premiere Pro 1.5 --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x040c
    Adobe Reader 7.0.8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
    Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Assistant Personnalisation du systéme Dell --> MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}
    Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x40c anything
    CanoScan Toolbox Ver4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x40c anything
    Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
    Convert Doc --> "C:\Program Files\Softinterface, Inc\Convert Doc\unins000.exe"
    Dell Support Center --> MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
    Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    EPSON Printer Software --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    Guide de l'utilisateur --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    HijackThis 2.0.2 --> "C:\Users\Desktop\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Manual CanoScan LiDE 25 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C45EB9E5-7165-4FB0-8C31-77FC4743362F}\setup.exe" -l0x40c
    MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x40c -cluninstall
    Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
    Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Nero Digital --> C:\Windows\UNNeroVision.exe /UNINSTALL
    NET Installation Assistance for VB6 App (Runtime Only) --> MsiExec.exe /I{66333C41-085E-4DA1-8273-E2BCA382D766}
    NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
    Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
    Outil de diagnostic de modem --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
    QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
    QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
    Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SAMSUNG Mobile Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
    Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
    VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
    VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    WAMP5 1.7.0 --> "C:\Program Files\wamp\unins000.exe"
    Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WIRELESS DESIGN & WORK TABLET 100/200/400 --> C:\Windows\IsUninst.exe -f"C:\Program Files\USB Tablet\USB Tablet Driver\Uninst.isu"
    Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
    ZSoft Uninstaller 2.4.1 --> C:\Program Files\ZSoft\Uninstaller\uninst.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type17398 / Success
    Event Submitted/Written: 06/30/2008 11:25:14 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type17397 / Success
    Event Submitted/Written: 06/30/2008 11:25:13 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type17391 / Success
    Event Submitted/Written: 06/30/2008 11:24:56 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    Le service de gestion des licences du logiciel a démarré.

    Event Record #/Type17381 / Warning
    Event Submitted/Written: 06/30/2008 11:23:17 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1854201790-3337289503-2259318210-1000_Classes:
    Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1854201790-3337289503-2259318210-1000_CLASSES

    Event Record #/Type17380 / Warning
    Event Submitted/Written: 06/30/2008 11:23:15 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1854201790-3337289503-2259318210-1000:
    Process 968 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1854201790-3337289503-2259318210-1000



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type77751 / Error
    Event Submitted/Written: 06/30/2008 11:30:27 PM
    Event ID/Source: 8032 / BROWSER
    Event Description:
    Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}.
    L'explorateur secondaire s'arrête.

    Event Record #/Type77746 / Warning
    Event Submitted/Written: 06/30/2008 11:28:35 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    Le service Explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\V-BUREAU sur le réseau \Device\NetBT_Tcpip_{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}.



    Maître explorateur : \\V-BUREAU

    Réseau : \Device\NetBT_Tcpip_{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}



    Cet événement peut être causé par une perte temporaire de connectivité réseau. Si ce message apparaît à nouveau, vérifiez que le serveur est toujours connecté au réseau. Le code renvoyé est dans la boîte de texte Données.

    Event Record #/Type77665 / Warning
    Event Submitted/Written: 06/30/2008 11:24:09 PM
    Event ID/Source: 4 / bcm4sbxp
    Event Description:
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Event Record #/Type77623 / Warning
    Event Submitted/Written: 06/30/2008 11:17:36 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

    Event Record #/Type77520 / Warning
    Event Submitted/Written: 06/30/2008 10:21:31 PM
    Event ID/Source: 4374 / Microsoft-Windows-Servicing
    Event Description:
    Windows Servicing a déterminé que ce package KB938979_4(Update) n’est pas applicable à ce système.



    -- End of Deckard's System Scanner: finished at 2008-06-30 23:37:59 ------------

    1 July 2008 18:45:44

    :hello:  Good evening,

    We will now repair the broken file associations:

  • Click Start menu > All Programs > Accessories > Command Prompt.
    In the black window that opens, copy and paste the following command: "%userprofile%\desktop\dss.exe" /daft

    Note:
  • Command prompt for XP --> "%USERPROFILE%\Bureau\dss.exe" /daft
  • Command prompt for Vista --> "%userprofile%\desktop\dss.exe" /daft
  • The path may vary from one PC to another; adapt it as needed.

  • A new window will open. Click the Scan button.
  • Tick all the entries that appear in red.
  • Then click the Fix button.
  • Run the scan again and save the report. The default report name will be daft.txt
  • Save it to the root of your hard drive ( C:\ ).

    If the procedure went well, a message containing "all associations ok" should appear.
    Post the daft.txt report in your next reply.

    ;) 

    1 July 2008 19:42:59

    The daft report (which looks rather small to me after the other posts; could this be the end of a long tunnel??):


    DAFT Log saved on 2008-07-01 20:40:31
    -----------------------------------------------------------------------
    All associations okay!

    2 July 2008 09:34:55

    Re,

    Small but perfect :D 

    Post a new dss scan.

    How is the PC doing? Still having problems?

    ;) 

    2 July 2008 13:38:07

    Aaaah no, no more problems for the moment!

    :) 

    Here is the "last?" report:


    Deckard's System Scanner v20071014.68
    Run on 2008-07-02 14:10:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:10:25, on 02/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\System32\Atwtusb.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Desktop\dss.exe
    C:\Windows\system32\conime.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C1538A8-A1FA-4D89-81B3-6E0304E49140}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D1BE6EF-0B55-437D-91D4-EC41CB4DA99E}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7395 bytes

    -- Files created between 2008-06-02 and 2008-07-02 -----------------------------

    2008-06-30 20:31:25 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-30 20:31:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-30 15:21:38 68096 --a------ C:\Windows\zip.exe
    2008-06-30 15:21:38 49152 --a------ C:\Windows\VFind.exe
    2008-06-30 15:21:38 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-30 15:21:38 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-30 15:21:38 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-30 15:21:38 98816 --a------ C:\Windows\sed.exe
    2008-06-30 15:21:38 80412 --a------ C:\Windows\grep.exe
    2008-06-30 15:21:38 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-30 15:02:55 0 d-------- C:\327882R2FWJFW
    2008-06-30 14:36:01 0 d-------- C:\Windows\pss
    2008-06-30 01:42:40 0 d-------- C:\Users\All Users\Avira
    2008-06-30 01:42:40 0 d-------- C:\Program Files\Avira
    2008-06-30 00:42:02 0 d-------- C:\VundoFix Backups
    2008-06-29 23:26:31 0 d-------- C:\Users\All Users\FLEXnet
    2008-06-29 23:07:22 0 d-------- C:\Users\All Users\ALM
    2008-06-29 23:05:20 0 d-------- C:\Program Files\Bonjour
    2008-06-29 22:49:36 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-06-29 22:07:53 0 d-------- C:\Program Files\PowerISO
    2008-06-29 18:48:33 0 d-------- C:\Users\All Users\Azureus
    2008-06-29 18:39:43 0 d-------- C:\Program Files\Azureus
    2008-06-18 17:35:20 49152 --a------ C:\Windows\system32\tblmouse.exe <Not Verified; ; Tblmouse>
    2008-06-18 17:35:16 167936 --a------ C:\Windows\system32\Atwtusb.exe <Not Verified; Aiptek; Tablet HID>
    2008-06-18 16:20:36 57344 --a------ C:\Windows\system32\wintab32.dll <Not Verified; Aiptek; Aiptek wintab32>
    2008-06-18 16:20:36 12084 --a------ C:\Windows\system32\drivers\UTBLFILT.sys <Not Verified; Aiptek; >
    2008-06-18 16:20:35 36864 --a------ C:\Windows\system32\utblfilt.dll <Not Verified; Aiptek; USB Tablet>
    2008-06-18 16:20:35 860160 --a------ C:\Windows\system32\TblRes.dll <Not Verified; Aiptek; Aiptek TblRes>
    2008-06-18 16:20:35 45056 --a------ C:\Windows\system32\Tblfunc.dll <Not Verified; aiptek; aiptek tblfunc>
    2008-06-18 16:20:35 49152 --a------ C:\Windows\system32\Funckey.dll <Not Verified; ; Funckey>
    2008-06-18 16:20:35 0 d-------- C:\Program Files\USB Tablet
    2008-06-18 07:07:32 0 d--h----- C:\Users\All Users\CanonBJ
    2008-06-17 23:13:38 0 d-------- C:\Windows\system32\Resource
    2008-06-17 23:13:37 131072 --a------ C:\Windows\system32\CSVSpecialProcessing.dll
    2008-06-17 23:13:37 204800 --a------ C:\Windows\system32\bprgcomm.dll <Not Verified; ; bprgcomm Dynamic Link Library>
    2008-06-17 23:13:37 1650688 --a------ C:\Windows\system32\beconvlib.dll <Not Verified; ; easyConverter Dynamic Link Library>
    2008-06-17 23:13:37 126976 --a------ C:\Windows\system32\beconv.dll <Not Verified; BCL Technologies; BCL easyConverter SDK>
    2008-06-17 23:13:36 618496 --a------ C:\Windows\system32\tx14_pdf.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:36 1052672 --a------ C:\Windows\system32\tx14_dox.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:36 667648 --a------ C:\Windows\system32\tx14_doc.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:36 331776 --a------ C:\Windows\system32\tx14_css.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 65536 --a------ C:\Windows\system32\tx14_wnd.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 557056 --a------ C:\Windows\system32\tx14_rtf.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 327680 --a------ C:\Windows\system32\tx14_obj.dll <Not Verified; The Imaging Source Europe GmbH; TX Text-Control>
    2008-06-17 23:13:35 131072 --a------ C:\Windows\system32\tx14_ic.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:35 249856 --a------ C:\Windows\system32\tx14_htm.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:34 217088 --a------ C:\Windows\system32\tx14_tls.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:34 765952 --a------ C:\Windows\system32\tx14.dll <Not Verified; The Imaging Source Europe GmbH; TX Text Control>
    2008-06-17 23:13:34 221184 --a------ C:\Windows\system32\SII_PDF.dll
    2008-06-17 23:13:34 102400 --a------ C:\Windows\system32\SARzilla.dll
    2008-06-17 23:13:34 98304 --a------ C:\Windows\system32\DVM.dll
    2008-06-17 23:13:33 53248 --a------ C:\Windows\system32\RegisterExe.exe <Not Verified; ; RegisterExe Application>
    2008-06-17 23:13:29 0 d-------- C:\Program Files\Softinterface, Inc
    2008-06-16 21:20:15 304128 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-06-16 21:20:07 0 -rahs---- C:\MSDOS.SYS
    2008-06-16 21:20:07 0 -rahs---- C:\IO.SYS
    2008-06-12 09:28:49 56108 --a------ C:\Windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    2008-06-02 21:33:30 16384 --a------ C:\Windows\system32\FileOps.exe
    2008-06-02 21:33:14 0 d-------- C:\Windows\system32\Adobe
    2008-06-02 18:47:25 174592 --a------ C:\Windows\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-02 18:46:25 5632 --a------ C:\Windows\system32\drivers\StarOpen.sys
    2008-06-02 17:02:00 0 d-------- C:\Windows\system32\Samsung_USB_Drivers
    2008-06-02 17:01:48 0 d-------- C:\Program Files\Samsung


    -- Find3M Report ---------------------------------------------------------------

    2008-07-02 14:01:50 690832 --a------ C:\Windows\system32\perfh00C.dat
    2008-07-02 14:01:50 117572 --a------ C:\Windows\system32\perfc00C.dat
    2008-07-01 05:47:50 174 --ahs---- C:\Program Files\desktop.ini
    2008-07-01 05:44:26 0 d-------- C:\Program Files\Windows Calendar
    2008-07-01 05:44:22 0 d-------- C:\Program Files\Windows Mail
    2008-06-30 20:31:27 0 d-------- C:\Users\Elsa\AppData\Roaming\Malwarebytes
    2008-06-30 20:01:03 0 d-------- C:\Users\Elsa\AppData\Roaming\Adobe
    2008-06-30 00:03:32 0 d-------- C:\Users\Elsa\AppData\Roaming\Azureus
    2008-06-29 23:05:13 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-29 22:49:36 0 d-------- C:\Program Files\Common Files
    2008-06-02 18:48:42 0 d-------- C:\Users\Elsa\AppData\Roaming\Samsung
    2008-06-02 18:45:50 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-16 17:45:28 558 --a------ C:\Users\Elsa\AppData\Roaming\wklnhst.dat
    2008-05-15 16:10:18 0 d-------- C:\Program Files\CyberLink
    2008-05-15 16:08:46 0 d-------- C:\Program Files\EPSON
    2008-05-15 15:31:46 0 d-------- C:\Users\Elsa\AppData\Roaming\skypePM


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/11/2006 02:52]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [15/11/2006 21:08]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [15/11/2006 21:07]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [15/11/2006 21:07]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [14/08/2007 14:25]
    "SigmatelSysTrayApp"="sttray.exe" [08/02/2007 08:11 C:\Windows\sttray.exe]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [28/11/2006 02:15]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 13:37]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [16/03/2007 13:50]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [14/08/2007 14:43]
    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [02/05/2007 20:16]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19/10/2007 21:16]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 13:22]
    "atwtusb"="atwtusb.exe" [20/08/2001 18:48 C:\Windows\System32\Atwtusb.exe]
    "TrustInstaller"="E:\Setup.exe" []
    "MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 12:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [20/09/2007 00:32]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 15:34]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [14/08/2007 14:31:19]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
    QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [14/08/2007 14:28:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D78 Series]
    C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\Windows\TEMP\E_S3B5A.tmp" /EF "HKLM"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
    LocalServiceNoNetwork PLA DPS BFE mpssvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-07-02 14:11:04 ------------





    [ Can I remove the "Bonjour" program? ]
    3 July 2008 22:19:47

    :hello:  Good evening,

    Quote:
    [ Can I remove the "Bonjour" program? ]


    Yes, you can ;)

    Do you have an antivirus?

    ;) 

    4 July 2008 23:26:32

    yep ;)

    anyway, thank you sooooo much

    I wouldn't have been able to do any of it on my own!

    good night!
    6 July 2008 18:09:13

    :hello:  Hello,

    Sorry, I haven't been available these past two days. Also, I'm leaving on holiday tomorrow.

    Please send a PM to one of the helpers present on the forum so that they can continue with you, as their availability allows.

    Have a good holiday.

    Mérillym.
    :hello: 
    6 July 2008 21:48:06

    Do you have any other problems?
    6 July 2008 22:18:31

    well no, but I didn't really have any apart from the antivirus pop-up (which has stopped)

    so it's really over?!

    :D  ??
    7 July 2008 13:46:05

    I think so :)
    7 July 2008 14:52:09

    then thank you very much!!!
    7 July 2008 15:40:09

    Happy surfing ;)