Rootkit.gen détecté par Antivir. A l'aide !

charpel · le 09 Avr 2010 07:47

Bonjour,

A lire les messages du forum je ne suis ni le premier ni le dernier !
Antivir a détecté Rootkit.gen et n'arrive pas à le supprimer. Symptomes : ralentissement du PC et fréquents plantages sur explorer. Quelqu'un peut-il m'aider ?

Au vu des messages précédents j'ai téléchargé et executé Combofix, voici le rapport :

ComboFix 10-04-08.02 - Pat & PL CHARVET 09/04/2010 7:55.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1291 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pat & PL CHARVET\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\Pat & PL CHARVET\Application Data\avdrn.dat
c:\recycler\S-1-5-21-1989873027-1256209571-4175486206-500
c:\recycler\S-1-5-21-3522000811-1301395902-1717556685-500
C:\Thumbs.db
c:\windows\system32\hookdll.dll
c:\windows\system32\Ijl11.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-09 au 2010-04-09 ))))))))))))))))))))))))))))))))))))
.

2010-04-01 19:35 . 2010-04-09 05:59 804864 ----a-w- c:\windows\system32\drivers\utgekrrh.sys
2010-03-31 09:08 . 2010-03-31 09:08 1956808 ----a-w- c:\documents and settings\Pat & PL CHARVET\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-29 23:15 . 2010-03-29 23:15 -------- d-----w- c:\windows\system32\Adobe
2010-03-29 16:38 . 2010-03-29 16:38 -------- d-----w- c:\program files\Veetle
2010-03-13 07:58 . 2010-03-30 09:17 -------- d-----w- c:\program files\uTorrent
2010-03-13 07:57 . 2010-04-08 15:27 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\uTorrent
2010-03-10 08:59 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 05:15 . 2010-04-09 05:16 2331648 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2010-04-09 04:53 . 2010-04-09 04:55 2760704 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2010-04-08 15:23 . 2007-09-01 17:28 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\Ahead
2010-04-08 06:28 . 2008-10-06 06:30 42401889 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-04-07 09:36 . 2010-04-07 09:37 605696 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-04-07 09:36 . 2010-04-07 09:37 2321408 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2010-04-07 09:20 . 2010-04-07 09:21 2854400 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2010-04-07 09:20 . 2010-04-07 09:21 2321408 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2010-04-04 13:33 . 2010-04-04 13:34 2797056 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-04-04 13:33 . 2010-04-04 13:34 2318336 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2010-04-02 16:19 . 2010-04-02 16:20 2317312 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-04-02 16:19 . 2010-04-02 16:20 343040 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-04-02 13:57 . 2010-04-02 14:34 2854912 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-04-02 13:57 . 2010-04-02 14:34 2317312 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-04-01 19:35 . 2010-04-01 19:35 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-04-01 15:13 . 2010-01-07 14:23 1879 ---ha-w- C:\hpothb07.dat
2010-04-01 11:49 . 2007-09-10 17:40 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-01 06:26 . 2009-07-29 16:07 -------- d-----w- c:\program files\PhotoFiltre
2010-03-31 13:29 . 2010-03-31 14:20 2320384 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-03-29 23:15 . 2008-03-31 06:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-28 11:25 . 2006-03-24 12:00 90898 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 11:25 . 2006-03-24 12:00 526728 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 08:39 . 2008-01-28 12:14 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\BSplayer
2010-03-11 19:15 . 2007-12-24 15:31 -------- d-----w- c:\program files\WinPhone
2010-03-05 13:51 . 2010-03-05 13:49 -------- d-----w- c:\program files\Free PDF to Word Converter
2010-03-04 17:41 . 2010-03-04 17:41 -------- d-----w- c:\program files\AnyBizSoft
2010-02-25 06:17 . 2006-03-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:25 . 2010-02-19 23:25 -------- d-----w- c:\program files\BayGenie
2010-02-12 10:03 . 2010-03-04 10:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-26 23:33 . 2010-01-27 10:12 1000448 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-01-25 00:24 . 2010-01-25 10:29 1705472 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-01-21 07:18 . 2010-01-21 07:19 366592 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2010-01-20 15:52 . 2010-01-20 15:54 2762752 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-01-18 13:17 . 2007-12-23 21:51 0 ---ha-w- c:\documents and settings\Pat & PL CHARVET\Application Data\hpothb07.dat
2010-01-18 13:17 . 2008-01-27 19:17 0 ---ha-w- c:\documents and settings\Pat & PL CHARVET\hpothb07.dat
2010-01-18 13:16 . 2008-01-27 19:25 164 ---ha-w- c:\documents and settings\All Users\hpothb07.dat
2010-01-18 13:16 . 2007-09-02 21:38 0 ---ha-w- c:\documents and settings\Administrateur\hpothb07.dat
2009-03-04 12:05 . 2008-01-27 19:19 156 ---ha-w- c:\program files\hpothb07.dat
2008-01-27 19:19 . 2008-01-27 19:19 265 ---ha-w- c:\program files\hpothb07.tif
2007-12-21 17:50 . 2007-12-21 17:50 13413048 ----a-w- c:\program files\Google_Earth_BZXV.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NMSSupport"="c:\program files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/07/2009 08:48 108289]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [01/09/2007 20:02 21344]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/12/2009 13:51 135664]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - utgekrrh

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 11:51]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 11:51]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.aliceadsl.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Ouvrir dans WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: mairie-brest.fr\archives
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.photoweb.fr/telechargement/t ... -6.1.4.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Buyertools Reminder - c:\program files\Buyertools Reminder\Reminder.exe
HKLM-Run-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
AddRemove-DVD Decrypter - c:\documents and settings\Pat & PL CHARVET\Mes documents\Docs Guill\DVD Decrypter\uninstall.exe
AddRemove-Harmony Assistant - c:\documents and settings\Pat & PL CHARVET\Mes documents\Docs Lydie\Nouveau dossier\Harmony Assistant\Uninstal\Uninstal.exe
AddRemove-VLC media player - c:\documents and settings\Pat & PL CHARVET\Mes documents\Docs Lydie\vlc\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 07:59
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]

.
Heure de fin: 2010-04-09 08:01:14
ComboFix-quarantined-files.txt 2010-04-09 06:01

Avant-CF: 306 437 132 288 octets libres
Après-CF: 306 374 107 136 octets libres

- - End Of File - - ED2EE564F39994AC1C1E1DBBD53C138D

Merci d'avance

Ask to Old Man · le 09 Avr 2010 10:39

Bonjour & bienvenue,

A lire les messages du forum je ne suis ni le premier ni le dernier !...
...Au vu des messages précédents j'ai téléchargé et executé Combofix

Mauvais réflexe &/ou mauvaise lecture des sujets!! On n'utilise pas un outil comme Combofix avant
d'y avoir été invité par un helper... ...Passons. Il est plus utile & rationnel de télécharger HiJackThis
et de poster le rapport ici. A toi de jouer... ...Ensuite, un helper passera s'occuper de tes vermines.

charpel · le 09 Avr 2010 13:16

En tous cas, merci de votre aide.

Voici le rapport de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:14, on 09/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pat & PL CHARVET\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1747610139-1586799059-1348900803-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O15 - Trusted Zone: http://archives.mairie-brest.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0047609098
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0501034497
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.photoweb.fr/telechargement/t ... -6.1.4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15460 bytes

J'attends vos instructions pour la suite

bernard53 · le 09 Avr 2010 17:38

Bonjour charpel

Fait ceci.

Télécharge >> TFC.exe << impérativement sur ton bureau

Ferme tous les programmes en cour de fonctionnement...

Valide START pour lancer TFC

Une demande va apparaitre pour te demander de redémarrer ton pc, cliques sur "YES" et laisse faire TFC.

PUIS::

Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :

fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :

killall::

File::
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
Rootkit::
c:\windows\system32\drivers\utgekrrh.sys

RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]

Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:

Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

charpel · le 09 Avr 2010 23:20

Bonsoir,

J'ai fait les manips sans problème, mais - euuuuhhh - pas de Combofix.txt dans C: !!
La recherche de Windows n'en a pas trouvé non plus ailleurs dans le système (sauf dans C:\.....\recent la trace de celui que j'ai fait ce matin.)

Autre bizzarerie : dans C: apparait une icone Combofix qui est celle du "poste de travail" (un PC) et qui se comporte comme lui quand on clique dessus => affichage des lecteurs, peripheriques et autres. Pourtant les "propriétés " de cette icone indiquent qu'il s'agit d'un dossier de 17,7Mo et qu'il a été créé à 19h57 (heure à laquelle j'ai fait les manips.) ?

Ceci dit le fichier utgekrrh.sys est toujours là, toujours signalé comme Rootkit.gen par Antivir et toujours impossible à détruire.

Dois-je recommencer ?

bernard53 · le 10 Avr 2010 09:30

charpel possible que tout simplement Antivir détecte l'intrus soit dans le backup de Combofix soit dans la système de restauration.

Peux tu repasser Combofix et me mettre le rapport s.t.p

Regarde avant si tu ne trouve pas le rapport ici.> C:\ComboFix.txt

Dis moi aussi si tu as l'adresse de détection faite par Antivir.

charpel · le 10 Avr 2010 10:51

Bonjour Bernard53,

L'adresse de detection par antivir est C:\windows\system32\drivers\utgekrrh.sys

J'ai repassé Combofix. Il a commencé en me faisant faire une mise à jour pour une version plus récente et ensuite ça a fonctionné normalement.

Voici le rapport

ComboFix 10-04-09.06 - Pat & PL CHARVET 10/04/2010 11:35:15.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1438 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pat & PL CHARVET\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-10 au 2010-04-10 ))))))))))))))))))))))))))))))))))))
.

2010-04-01 19:35 . 2010-04-10 09:40 804864 ----a-w- c:\windows\system32\drivers\utgekrrh.sys
2010-03-29 23:15 . 2010-03-29 23:15 -------- d-----w- c:\windows\system32\Adobe
2010-03-29 16:38 . 2010-03-29 16:38 -------- d-----w- c:\program files\Veetle
2010-03-13 07:58 . 2010-03-30 09:17 -------- d-----w- c:\program files\uTorrent
2010-03-13 07:57 . 2010-04-08 15:27 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 10:31 . 2008-01-27 19:17 172 ---ha-w- c:\documents and settings\Pat & PL CHARVET\hpothb07.dat
2010-04-09 10:30 . 2008-01-27 19:25 164 ---ha-w- c:\documents and settings\All Users\hpothb07.dat
2010-04-09 05:15 . 2010-04-09 05:16 2331648 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2010-04-09 04:53 . 2010-04-09 04:55 2760704 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2010-04-08 15:23 . 2007-09-01 17:28 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\Ahead
2010-04-08 06:28 . 2008-10-06 06:30 42401889 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-04-07 09:36 . 2010-04-07 09:37 605696 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-04-07 09:36 . 2010-04-07 09:37 2321408 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2010-04-07 09:20 . 2010-04-07 09:21 2854400 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2010-04-07 09:20 . 2010-04-07 09:21 2321408 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2010-04-04 13:33 . 2010-04-04 13:34 2797056 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-04-04 13:33 . 2010-04-04 13:34 2318336 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2010-04-02 16:19 . 2010-04-02 16:20 2317312 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-04-02 16:19 . 2010-04-02 16:20 343040 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-04-02 13:57 . 2010-04-02 14:34 2854912 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-04-02 13:57 . 2010-04-02 14:34 2317312 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-04-01 19:35 . 2010-04-01 19:35 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-04-01 15:13 . 2010-01-07 14:23 1879 ---ha-w- C:\hpothb07.dat
2010-04-01 11:49 . 2007-09-10 17:40 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-01 06:26 . 2009-07-29 16:07 -------- d-----w- c:\program files\PhotoFiltre
2010-03-31 13:29 . 2010-03-31 14:20 2320384 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-03-29 23:15 . 2008-03-31 06:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-28 11:25 . 2006-03-24 12:00 90898 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 11:25 . 2006-03-24 12:00 526728 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 08:39 . 2008-01-28 12:14 -------- d-----w- c:\documents and settings\Pat & PL CHARVET\Application Data\BSplayer
2010-03-11 19:15 . 2007-12-24 15:31 -------- d-----w- c:\program files\WinPhone
2010-03-05 13:51 . 2010-03-05 13:49 -------- d-----w- c:\program files\Free PDF to Word Converter
2010-03-04 17:41 . 2010-03-04 17:41 -------- d-----w- c:\program files\AnyBizSoft
2010-02-25 06:17 . 2006-03-24 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-19 23:25 . 2010-02-19 23:25 -------- d-----w- c:\program files\BayGenie
2010-02-12 10:03 . 2010-03-04 10:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-01-26 23:33 . 2010-01-27 10:12 1000448 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-01-25 00:24 . 2010-01-25 10:29 1705472 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-01-21 07:18 . 2010-01-21 07:19 366592 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2010-01-20 15:52 . 2010-01-20 15:54 2762752 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-01-18 13:17 . 2007-12-23 21:51 0 ---ha-w- c:\documents and settings\Pat & PL CHARVET\Application Data\hpothb07.dat
2010-01-18 13:16 . 2007-09-02 21:38 0 ---ha-w- c:\documents and settings\Administrateur\hpothb07.dat
2009-03-04 12:05 . 2008-01-27 19:19 156 ---ha-w- c:\program files\hpothb07.dat
2008-01-27 19:19 . 2008-01-27 19:19 265 ---ha-w- c:\program files\hpothb07.tif
2007-12-21 17:50 . 2007-12-21 17:50 13413048 ----a-w- c:\program files\Google_Earth_BZXV.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NMSSupport"="c:\program files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/07/2009 08:48 108289]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/12/2009 13:51 135664]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [01/09/2007 20:02 21344]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - utgekrrh

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 11:51]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 11:51]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.aliceadsl.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Ouvrir dans WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: mairie-brest.fr\archives
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.photoweb.fr/telechargement/t ... -6.1.4.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 11:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(4592)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2010-04-10 11:42:05
ComboFix-quarantined-files.txt 2010-04-10 09:42
ComboFix2.txt 2010-04-09 06:01

Avant-CF: 312 900 145 152 octets libres
Après-CF: 312 878 845 952 octets libres

- - End Of File - - 2C14CCB92CB7AF3866657C7C787A47A9

J'ai rescanné ensuite le sous-répertoire "drivers" avec Antivir et il signale toujours utgekrrh.sys et n'arrive pas à l'enlever.

bernard53 · le 10 Avr 2010 16:29

Si Combofix c'est mis à jour refait ceci.

Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :

fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :

killall::
Rootkit::
c:\windows\system32\drivers\utgekrrh.sys
RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]

File::
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat

Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:

Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

charpel · le 10 Avr 2010 19:12

Meme phénomène qu'hier : pas de Combofix.txt dans C:\ et Combofix apparait dans C:\ sous forme d'une icone de PC.

Ce qui c'est passé :
après avoir glissé le fichier CFscript, Combofix a démarré.
Au bout de quelques taches (vers la tache 4 je crois) l'ordinateur s'est arreté et a redémarré mais sans que Combofix se relance.
C'est probablement ça qui fait qu'il n'y a pas de Combofix.txt : le programme ne s'est pas executé jusqu'au bout.
Par contre, je ne comprends pas pourquoi le dossier Combofix qui était redevenu normal après le scan de ce matin a repris l'icone d'un PC et la date et l'heure du dernier lancement (10/04/2010 19h41 en date de création) ??

utgekrrh.sys est toujours présent et toujours détecté par Antivir qui n'arrive pas à le supprimer.

Faut-il refaire la manip (CFscript+Combofix) complete à nouveau ?

bernard53 · le 10 Avr 2010 20:24

Cliquez sur Démarrer > Exécuter et copiez/collez le texte en gras ci-dessous dans la zone de saisie :
ComboFix /Uninstall

Puis cliquez sur OK

Ensuite on va faire autrement.

Télécharge The Avenger
par Swandog46 sur ton Bureau
1.fait un clic droit sur Avenger.zip pour extraire avenger.exe sur ton bureau.

2. Copier tout le texte de cette citation dans un document texte créer sur ton bureau

Files to delete:
c:\windows\system32\drivers\utgekrrh.sys
c:\windows\system32\config\systemprofile\Application Data\jasltw.dat

Registry keys to delete:
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh

cela fait....

exécuter the avenger en cliquant sur avenger.exe,ouvre le document texte et copie son contenu dans la fenêtre d'avenger

décoche bien la case scan for Rootkits

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

Maintenant, lancer The Avenger en cliquant "Exécute"

4. The Avenger va automatiquement faire ce qui suit:

Il va Re-démarrer le système. (Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)

Pendant le re-démarrage, il apparaîtra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.

Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt

The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et transféré l'archive zip ici C:\avenger\backup.zip.

5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans votre réponse

charpel · le 10 Avr 2010 22:20

Bonsoir Bernard53,

Ci-dessous le rapport de The Avenger.
Utgekrrh.sys fait de la résistance ! Il est toujours là, toujours détecté par Antivir qui n'arrive pas à le supprimer.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Error: could not open file "c:\windows\system32\drivers\utgekrrh.sys"
Deletion of file "c:\windows\system32\drivers\utgekrrh.sys" failed!
Status: 0xc0000043 (STATUS_SHARING_VIOLATION)

File "c:\windows\system32\config\systemprofile\Application Data\jasltw.dat" deleted successfully.

Error: could not open registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Completed script processing.

*******************

Finished! Terminate.

bernard53 · le 11 Avr 2010 10:57

bon on va voir un peu plus s'il y en a pas un autre de caché.

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Custom scan/fixes"

%SYSTEMDRIVE%\cdrom.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\ACPI.sys /s /md5
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%systemdrive%\utgekrrh.* /s /md5

* Cliques sur l'icône "Run Scan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

charpel · le 11 Avr 2010 11:43

Bonjour Bernard53,

Voici le résultat du scan d'OTL (fichier OTL.txt) :
OTL logfile created on: 11/04/2010 12:17:22 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Pat & PL CHARVET\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 454,10 Gb Total Space | 291,58 Gb Free Space | 64,21% Space Free | Partition Type: NTFS
Drive D: | 11,65 Gb Total Space | 6,69 Gb Free Space | 57,43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAISONCY
Current User Name: Pat & PL CHARVET
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Pat & PL CHARVET\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\ALCFDRTM.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe (Intel Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Pat & PL CHARVET\Bureau\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ELService) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe (Intel Corporation)
SRV - (M1 Server) Serveur Média Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (GoProto) -- C:\WINDOWS\system32\drivers\goprot51.sys (Gteko Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (fbxusb) -- C:\WINDOWS\system32\drivers\fbxusb32.sys (FreeBox SA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2006/03/24 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\NPJPI150_08.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: mairie-brest.fr ([archives] http in Sites de confiance)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} http://download.yahoo.com/dl/mail/yautoiol1.cab (YAutoImport Class)
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} https://netbank.danskebank.dk/html/activex/DB/Menu.cab (CSMenu Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 0047609098 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0501034497 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.photoweb.fr/telechargement/t ... -6.1.4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pat & PL CHARVET\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pat & PL CHARVET\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/04 16:53:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/11 12:11:59 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\OTL.exe
[2010/04/10 23:07:38 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/10 22:57:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/10 14:26:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 11:42:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/09 19:46:24 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\TFC.exe
[2010/04/09 14:07:11 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\HiJackThis.exe
[2010/04/09 07:13:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/09 06:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/08 23:28:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/03/30 01:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/03/29 18:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/03/26 12:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat & PL CHARVET\Mes documents\Downloads
[2010/03/13 09:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/03/13 09:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat & PL CHARVET\Application Data\uTorrent
[2009/12/08 09:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/07 13:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/23 00:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/05 18:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/10/20 19:02:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/17 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2008/10/17 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2007/12/26 00:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/16 10:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/10/04 16:56:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2050/01/01 00:00:00 | 001,970,005 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\IMG_3764.JPG
[2050/01/01 00:00:00 | 001,968,264 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\IMG_3751.JPG
[2050/01/01 00:00:00 | 001,934,778 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\IMG_3713.JPG
[2050/01/01 00:00:00 | 001,675,376 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\IMG_3718.JPG
[2010/04/11 12:19:04 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\utgekrrh.sys
[2010/04/11 12:12:06 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\OTL.exe
[2010/04/11 12:10:15 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\NTUSER.DAT
[2010/04/11 11:58:14 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/11 09:17:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/11 09:17:15 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/11 09:16:55 | 000,350,193 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/11 09:15:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 09:15:21 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/11 09:15:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 09:15:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/11 01:33:42 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\ntuser.ini
[2010/04/10 14:28:18 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 14:28:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/10 11:40:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/09 19:46:29 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\TFC.exe
[2010/04/09 14:07:12 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\HiJackThis.exe
[2010/04/09 12:31:26 | 000,003,781 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Mes documents\hpothb07.tif
[2010/04/09 12:31:26 | 000,000,942 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Mes documents\hpothb07.dat
[2010/04/09 12:31:19 | 000,000,255 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\hpothb07.tif
[2010/04/09 12:31:19 | 000,000,172 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\hpothb07.dat
[2010/04/09 12:31:02 | 000,401,373 | -H-- | M] () -- C:\WINDOWS\hpothb07.tif
[2010/04/09 12:30:02 | 000,000,164 | -H-- | M] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2010/04/09 12:30:01 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\hpothb07.tif
[2010/04/09 12:30:01 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\hpothb07.dat
[2010/04/09 07:13:06 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/08 23:41:27 | 000,002,146 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/08 23:41:27 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/04/08 17:23:31 | 000,114,996 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\default.pls
[2010/04/07 21:22:49 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\182 223 792 7703.url
[2010/04/06 23:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/01 22:36:19 | 000,002,111 | ---- | M] () -- C:\WINDOWS\TCADWIN.INI
[2010/04/01 17:13:06 | 000,003,723 | -H-- | M] () -- C:\hpothb07.tif
[2010/04/01 17:13:06 | 000,001,879 | -H-- | M] () -- C:\hpothb07.dat
[2010/04/01 17:10:32 | 000,162,286 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\hpothb07.tif
[2010/04/01 17:10:32 | 000,006,544 | -H-- | M] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\hpothb07.dat
[2010/04/01 13:49:51 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/28 13:25:45 | 001,135,782 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 13:25:45 | 000,526,728 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/28 13:25:45 | 000,434,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 13:25:45 | 000,090,898 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/28 13:25:45 | 000,068,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/04/10 23:03:15 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\avenger.exe
[2010/04/09 07:13:06 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/09 07:13:05 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010/04/08 23:41:19 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
[2010/04/08 17:23:24 | 000,114,996 | ---- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\default.pls
[2010/04/01 21:35:51 | 000,804,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\utgekrrh.sys
[2010/04/01 17:05:38 | 000,006,544 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\hpothb07.dat
[2010/04/01 17:05:33 | 000,162,286 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Bureau\hpothb07.tif
[2010/01/23 15:34:14 | 000,002,111 | ---- | C] () -- C:\WINDOWS\TCADWIN.INI
[2009/12/18 17:58:22 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2009/10/25 20:15:08 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/09/22 13:15:24 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2009/05/11 15:12:38 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/05/11 15:12:37 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/05/11 12:03:29 | 000,000,324 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2009/05/11 12:01:22 | 000,000,668 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/05/11 11:56:03 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2009/03/23 08:32:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Ÿ9Ÿ9
[2009/03/22 12:06:28 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/30 16:32:17 | 000,000,222 | ---- | C] () -- C:\WINDOWS\NIMEGUE2.INI
[2008/08/07 15:44:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2008/07/10 10:05:15 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/02/10 14:59:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/27 21:25:10 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2008/01/27 21:25:10 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2008/01/27 21:19:42 | 000,000,265 | -H-- | C] () -- C:\Program Files\hpothb07.tif
[2008/01/27 21:19:42 | 000,000,156 | -H-- | C] () -- C:\Program Files\hpothb07.dat
[2008/01/27 21:17:26 | 000,000,255 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\hpothb07.tif
[2008/01/27 21:17:26 | 000,000,172 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\hpothb07.dat
[2008/01/12 16:36:37 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2008/01/12 16:30:16 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/12 16:30:16 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/26 19:41:32 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Application Data\$_hpcst$.hpc
[2007/12/24 17:33:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2007/12/24 17:31:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2007/12/23 23:51:56 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Application Data\hpothb07.tif
[2007/12/23 23:51:56 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Application Data\hpothb07.dat
[2007/12/21 19:50:36 | 013,413,048 | ---- | C] () -- C:\Program Files\Google_Earth_BZXV.exe
[2007/11/24 18:48:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/11/04 15:05:39 | 000,000,274 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2007/11/02 15:44:13 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/11/02 15:44:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2007/10/04 17:28:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/04 12:43:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/29 10:50:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2007/09/10 19:40:19 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/09 21:30:01 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/03 08:48:21 | 000,000,146 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2007/09/02 01:06:27 | 000,000,136 | ---- | C] () -- C:\WINDOWS\LITTRE.INI
[2007/09/02 01:05:48 | 000,251,392 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2007/09/02 01:05:48 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/09/02 00:49:05 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ENCR.INI
[2007/09/02 00:48:57 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\clrech.dll
[2007/09/01 22:24:39 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/09/01 21:01:59 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2007/09/01 21:01:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\LPNG.DLL
[2007/09/01 19:55:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/09/01 19:53:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2007/09/01 19:28:45 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\Local Settings\Application Data\fusioncache.dat
[2007/09/01 19:28:44 | 009,175,040 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\NTUSER.DAT
[2007/09/01 19:28:44 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\ntuser.dat.LOG
[2007/09/01 19:28:44 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Pat & PL CHARVET\ntuser.ini
[2006/10/05 14:54:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/05 12:41:27 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/05 10:49:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/10/05 10:49:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/10/05 10:38:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/05 10:00:39 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/05 10:00:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/05 10:00:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/05 10:00:38 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/05 10:00:37 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/05 10:00:37 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/05 10:00:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/05 09:15:27 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/19 13:25:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/08/05 15:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/03/04 10:34:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cyber.dll
[1996/04/25 06:23:00 | 000,000,857 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1996/02/22 01:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/19 01:23:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\lodbc09.dll
[1996/01/17 01:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1996/01/15 01:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 01:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 01:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\cdrom.sys /s /md5 >
[2006/03/24 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\ACPI.sys /s /md5 >
[2006/03/24 14:00:00 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=0BD94FBFC14EA3606CD6CA4C0255BAA3 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2008/04/14 03:52:42 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/14 03:52:42 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\system32\drivers\acpi.sys

< %SYSTEMDRIVE%\*.exe >
[2007/09/16 12:12:38 | 007,589,376 | ---- | M] () -- C:\b4904mux.exe
[2007/09/02 00:27:56 | 003,642,251 | ---- | M] () -- C:\cdu5_me.exe
[2001/06/04 17:59:00 | 000,054,544 | ---- | M] (Microsoft) -- C:\robocopy.exe
[2007/09/01 22:26:40 | 000,412,384 | ---- | M] () -- C:\unerase_en_h.exe

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/07/06 07:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\I386\IASTOR.SYS
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OEMDRV\iastor.sys
[2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
[2005/01/20 09:45:30 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\I386\NVATABUS.SYS
[2005/02/12 02:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\OEMDRV\nvatabus.sys

< %systemdrive%\utgekrrh.* /s /md5 >
[2010/04/11 12:21:27 | 000,804,864 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\utgekrrh.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 9 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Manufacturer
< End of report >

Et voici Extras.txt

OTL Extras logfile created on: 11/04/2010 12:17:22 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Pat & PL CHARVET\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 454,10 Gb Total Space | 291,58 Gb Free Space | 64,21% Space Free | Partition Type: NTFS
Drive D: | 11,65 Gb Total Space | 6,69 Gb Free Space | 57,43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAISONCY
Current User Name: Pat & PL CHARVET
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~3\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~3\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NetMeeting\Conf.exe" = C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DE2F51-DF0A-11D3-9DBC-00C04F522588}" = Personal Ancestral File
"{0D14BA87-CB81-4BDB-92D9-483B153D5A4E}" = Data Sync Station
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{27BB0964-0AE9-4A43-97FA-BD483BCD5A71}" = One Touch Video Capture
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 2.5 SE
"{2F2E536D-021E-4B77-94E6-A16AA8D50014}" = Logiciel Intel® Viiv™
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}" = SPCM
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Visionneuse Journal Windows Microsoft
"{47FF921C-E834-47A6-8CE4-F0A99CDE347F}" = ViaMichelin Navigation PND
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}" = Samsung USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C84D138-AA41-4CC3-8158-292A4CC75BA5}_is1" = Photos de Famille 2
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8A923F5-C3F9-4E13-B3DB-A0F11014C9D2}" = Français enrichi version 2009.02.01
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Disque de souvenirs HP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C06BEA8D-E886-49FF-B772-A9C550741036}" = Nero 7 Essentials
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"0D20D36D-A11C-444c-9AF7-70CBFED42ECF" = Otto
"99A88D57-2C93-491B-87B8-E41A870FB6BE" = GemMaster Mystic
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires" = Microsoft Age of Empires
"Alexandra Ledermann 3 - Équitation Aventure" = Alexandra Ledermann 3 - Équitation Aventure
"AnyBizSoft PDF to Word (Build 2.0.0.12)_is1" = AnyBizSoft PDF to Word
"Atelier historique" = Atelier historique
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Avira UnErase Personal" = Avira UnErase Personal
"AviSynth" = AviSynth 2.5
"BayGenie eBay Auction Sniper Free Edition_is1" = BayGenie eBay Auction Sniper Free Edition 3.3.3.0
"Book'In" = Book'In
"BSPlayerf" = BS.Player FREE powered by AdVantage
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"Championship Manager 3" = Championship Manager 3
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DIVXCodec" = DivX Codec 3.1alpha release
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EL" = Intel(R) Quick Resume Technology Drivers
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5
"Free Video Converter_is1" = Free Video Converter V 1.2
"GénéaTique2000" = GénéaTique
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{27BB0964-0AE9-4A43-97FA-BD483BCD5A71}" = One Touch Video Capture
"Intel(R) Configuration Center" = Logiciel Intel® Viiv™
"LameACM" = Lame ACM MP3 Codec
"L'ENCYCLOPEDIE" = L'ENCYCLOPEDIE
"LMS" = C-Dilla Licence Management System
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pack PSP - Ri4m - v1.0a" = Pack PSP - Ri4m - v1.0a
"PDF-XChange 3_is1" = PDF-XChange 3
"PhotoFiltre" = PhotoFiltre
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Programme de gestion Camera de Logitech®
"QVP" = Quick View Plus
"Ri4m v5.0.1d" = Ri4m v5.0.1d
"Riding Star" = Riding Star
"Ripp-It Codec Pack" = Ripp-It Codec Pack v 4.2.7
"Shop for HP Supplies" = Shop for HP Supplies
"Skuld iPod Converter_is1" = Skuld iPod Converter 1.2.1
"SmartSuite V97.0" = Lotus SmartSuite 97
"SopCast" = SopCast 1.1.2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = Illimité2
"unKeyCDUniversalis50" = Universalis 5
"Veetle TV" = Veetle TV 0.9.17
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service" = Windows XP Service Pack 3
"WinPhone" = WinPhone
"WinRAR archiver" = Archiveur WinRAR
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft iPod Video Converter" = Xilisoft iPod Video Converter
"Yahoo! Auto Outlook Import" = Yahoo! Auto Outlook Import
"ZoneAlarm" = ZoneAlarm
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Capturino V2" = Capturino V2
"NIMEGUE2" = NIMEGUE2
"sc10-FR_FTV_MAIN" = Ski Challenge 2010 (FTV)
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/04/2010 15:56:05 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

Error - 10/04/2010 16:49:54 | Computer Name = MAISONCY | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : The server name or address could not be resolved

Error - 10/04/2010 16:56:05 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

Error - 10/04/2010 17:08:06 | Computer Name = MAISONCY | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : The server name or address could not be resolved

Error - 10/04/2010 17:56:05 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

Error - 10/04/2010 18:56:05 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

Error - 11/04/2010 03:15:23 | Computer Name = MAISONCY | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : The server name or address could not be resolved

Error - 11/04/2010 03:56:05 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

Error - 11/04/2010 04:58:14 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

Error - 11/04/2010 05:58:14 | Computer Name = MAISONCY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 10/04/2010 13:47:34 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7034
Description = Le service QoS RSVP s'est terminé de façon inattendue pour la 1ème
fois.

Error - 10/04/2010 13:47:34 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7034
Description = Le service Service de la passerelle de la couche Application s'est
terminé de façon inattendue pour la 1ème fois.

Error - 10/04/2010 13:47:34 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7031
Description = Le service Serveur Média Intel(R) Viiv(TM) s'est terminé de manière
inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
dans 5000 millisecondes : Redémarrer le service.

Error - 10/04/2010 13:47:34 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7031
Description = Le service Intel(R) Remoting Service s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
5000 millisecondes : Redémarrer le service.

Error - 10/04/2010 13:47:34 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7034
Description = Le service Intel(R) Matrix Storage Event Monitor s'est terminé de
façon inattendue pour la 1ème fois.

Error - 10/04/2010 13:47:34 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7031
Description = Le service Windows Search s'est terminé de manière inattendue. Ceci
s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000
millisecondes : Redémarrer le service.

Error - 10/04/2010 13:50:43 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 10/04/2010 16:51:21 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 10/04/2010 17:09:39 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 11/04/2010 03:16:51 | Computer Name = MAISONCY | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

< End of report >

Pour le reste pas de changement : utgekrrh.sys est toujours là, toujours détecté par Antivir qui ne peut l'éliminer.
Heureusement que tu m'as demandé de choisir le "rapport minimal" ; ça en fait déjà une tartine !!

bernard53 · le 11 Avr 2010 13:53

Bon le rapport indique bien qu'il est seul cet intrus.

Ceci car j'ai fait une petite erreur de scipt.

Tu as déjà Avenger

Télécharge The Avenger
par Swandog46 sur ton Bureau
1.fait un clic droit sur Avenger.zip pour extraire avenger.exe sur ton bureau.

2. Copier tout le texte de cette citation dans un document texte créer sur ton bureau

Drivers to delete:
utgekrrh
Files to delete:
c:\windows\system32\drivers\utgekrrh.sys
Registry keys to delete:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]

cela fait....

exécuter the avenger en cliquant sur avenger.exe,ouvre le document texte et copie son contenu dans la fenêtre d'avenger

décoche bien la case scan for Rootkits

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

Maintenant, lancer The Avenger en cliquant "Exécute"

4. The Avenger va automatiquement faire ce qui suit:

Il va Re-démarrer le système. (Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)

Pendant le re-démarrage, il apparaîtra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.

Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt

The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et transféré l'archive zip ici C:\avenger\backup.zip.

5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans votre réponse

charpel · le 11 Avr 2010 18:54

Quand j'ai voulu lancer The Avenger il m'a renvoyé le message d'erreur suivant :

Error : Invalid registry syntax in command "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utgekrrh]"
Only registry keys under the HKEY_LOCAL_MACHINE are accessible to this programm.
Skipping line. (Registry key detection mode)

Après validation du message il m'a demandé si je voulais continuer quand meme et je suis sorti sans rien faire.
Je préfère attendre tes instructions

Rootkit.gen détecté par Antivir. A l'aide !

Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Re: Rootkit.gen détecté par Antivir. A l'aide !

Sujets similaires

Qui est en ligne