Bonjour,

J'ai un soucis avec mon PC windows xp pack 3, lorsque je me connecte avec firefox derniere version je n'arrive pas à ouvrir certains site (Facebook, email gmail) ou bien comme sur google lorsque j'effectue une recherche le navigateur cherche mais ne trouve jamais rien. De plus je vois apparaitre dans les pages web (ex lefigaro.fr ou windows update) des fenêtre (je préscise dans la page, ce n'est pas des fenêtres qui s'ouvre) m'indiquant your computer may be infected click OK)

Quelqu'un pourrait il m'aider à retrouver un PC normal ???

J'ai déjà scanner avec SPYBOOT (quelques spyware trouver comme VIRTUMOND.DLL mais je n'arrive pas à trouver la solution

Voici un log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:26, on 26/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Francky\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM9b630aeb] Rundll32.exe "C:\WINDOWS\system32\yfsfixid.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4667564125
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8674 bytes



Merci d'avance

Bonsoir, je confirme l'infection, on va faire 2 tests.

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/an ... /SDFix.exe ***

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

Imprime ou note ce qui suit, tu n'auras pas accès à internet.

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.

Suis la liste des instructions ci-dessous :

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

bonsoir,

Merci pour ton aide, je vais de suite tenter ton process, j'ai un portable connecté donc je pourrais suivre la discussion si nécessaire

merci encore, j'essai et te dis ce que cela donne

report.txt


SDFix: Version 1.185
Run by Francky on 27/05/2008 at 00:04

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Francky\Bureau\sdfix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Francky\Application Data\addon.dat - Deleted





Removing Temp Files

ADS Check :

C:\WINDOWS
:services 1276
Total size: 1276 bytes.
WINDOWS: deleted 1276 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 00:26:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:63,d4,42,27,e1,2a,fb,52,94,1c,8a,09,4b,db,cc,32,37,ab,52,01,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,cb,50,68,8d,fe,d1,1b,2a,ee,18,6c,3e,0d,3a,8f,30,..
"hdf12"=hex:fe,08,fb,3c,d7,ab,ff,d0,00,ff,82,6a,96,da,2e,ae,73,e2,96,a2,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:bb,e7,ad,96,db,85,60,53,50,e4,6a,3e,1d,3a,8f,ef,46,f5,73,4a,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,0c,ed,ec,9e,c4,bb,46,e5,1c,34,d6,e8,f3,6f,03,b5,3c,a4,e1,f4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000]
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=str(7):"HID\Vid_046d&Pid_c001&Rev_2900\0HID\Vid_046d&Pid_c001\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0002\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0001"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="Logitech USB First/Pilot Mouse+"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0015"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0010"
"UpperFilters"=str(7):"wacommousefilter\0"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0013"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0014"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0006"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0007"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"ConfigFlags"=dword:00000020
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"Service"="mouhid"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0009"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0012"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:63,d4,42,27,e1,2a,fb,52,94,1c,8a,09,4b,db,cc,32,37,ab,52,01,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,cb,50,68,8d,fe,d1,1b,2a,ee,18,6c,3e,0d,3a,8f,30,..
"hdf12"=hex:fe,08,fb,3c,d7,ab,ff,d0,00,ff,82,6a,96,da,2e,ae,73,e2,96,a2,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:bb,e7,ad,96,db,85,60,53,50,e4,6a,3e,1d,3a,8f,ef,46,f5,73,4a,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,0c,ed,ec,9e,c4,bb,46,e5,1c,34,d6,e8,f3,6f,03,b5,3c,a4,e1,f4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000]
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=str(7):"HID\Vid_046d&Pid_c001&Rev_2900\0HID\Vid_046d&Pid_c001\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0002\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0001"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="Logitech USB First/Pilot Mouse+"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0015"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0010"
"UpperFilters"=str(7):"wacommousefilter\0"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0013"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0014"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0006"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0007"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"ConfigFlags"=dword:00000020
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"Service"="mouhid"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0009"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0012"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:63,d4,42,27,e1,2a,fb,52,94,1c,8a,09,4b,db,cc,32,37,ab,52,01,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,cb,50,68,8d,fe,d1,1b,2a,ee,18,6c,3e,0d,3a,8f,30,..
"hdf12"=hex:fe,08,fb,3c,d7,ab,ff,d0,00,ff,82,6a,96,da,2e,ae,73,e2,96,a2,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:bb,e7,ad,96,db,85,60,53,50,e4,6a,3e,1d,3a,8f,ef,46,f5,73,4a,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,0c,ed,ec,9e,c4,bb,46,e5,1c,34,d6,e8,f3,6f,03,b5,3c,a4,e1,f4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000]
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=str(7):"HID\Vid_046d&Pid_c001&Rev_2900\0HID\Vid_046d&Pid_c001\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0002\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0001"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="Logitech USB First/Pilot Mouse+"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\Vid_046d&Pid_c001\6&2620f9b3&0&0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0015"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&10a8b2d&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0010"
"UpperFilters"=str(7):"wacommousefilter\0"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0013"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&1731f3ea&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0014"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&29eba48f&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0006"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0007"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&2d595ca7&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"ConfigFlags"=dword:00000020
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"Service"="mouhid"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0009"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&4784345&0&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002]
"Capabilities"=dword:000000a0
"HardwareID"=str(7):"HID\WACVIRTUALHID&Col03\0HID_DEVICE_SYSTEM_MOUSE\0HID_DEVICE_UP:0001_U:0001\0HID_DEVICE\0"
"CompatibleIDs"=str(7):"\0"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Service"="mouhid"
"ConfigFlags"=dword:00000020
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\0012"
"Class"="Mouse"
"Mfg"="Wacom Technology"
"DeviceDesc"="Wacom Mouse"
"UpperFilters"=str(7):"wacommousefilter\0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002\Device Parameters]
"Migrated"=dword:00000001
"FlipFlopWheel"=dword:00000000
"ForceAbsolute"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\HID\WACVIRTUALHID&Col03\1&4784345&1&0002\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:63,d4,42,27,e1,2a,fb,52,94,1c,8a,09,4b,db,cc,32,37,ab,52,01,5d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,be,cb,50,68,8d,fe,d1,1b,2a,ee,18,6c,3e,0d,3a,8f,30,..
"hdf12"=hex:fe,08,fb,3c,d7,ab,ff,d0,00,ff,82,6a,96,da,2e,ae,73,e2,96,a2,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:bb,e7,ad,96,db,85,60,53,50,e4,6a,3e,1d,3a,8f,ef,46,f5,73,4a,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,0c,ed,ec,9e,c4,bb,46,e5,1c,34,d6,e8,f3,6f,03,b5,3c,a4,e1,f4,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Zattoo\\Zattoo2.exe"="C:\\Program Files\\Zattoo\\Zattoo2.exe:*:Enabled: "
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\FripTV-Orange\\FripTVGUI2.exe"="C:\\Program Files\\FripTV-Orange\\FripTVGUI2.exe:*:Enabled:FripTVGUI2.exe"
"C:\\Program Files\\FripTV-Orange\\friptv.exe"="C:\\Program Files\\FripTV-Orange\\friptv.exe:*:Enabled:friptv.exe"
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Francky\Bureau\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Nov 2006 216 ..SH. --- "C:\BOOT.BAK"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 31 Mar 2007 512,197 A.SH. --- "C:\WINDOWS\system32\qqtwa.tmp"
Sun 1 Apr 2007 177 A.SH. --- "C:\WINDOWS\system32\rwaxpuvy.tmp"
Wed 12 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Apr 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Tue 15 Apr 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Wed 4 Apr 2001 28,738 A..HR --- "C:\Program Files\microsoft office\MSDE2000\SQLRESLD.DLL"
Thu 23 Aug 2007 71,168 A.SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
Sun 10 Feb 2008 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
Sat 23 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!



hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:26, on 27/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
C:\Documents and Settings\Francky\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM9b630aeb] Rundll32.exe "C:\WINDOWS\system32\yfsfixid.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4667564125
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8573 bytes

Dommage, on va devoir être plus sévères dans le 2eme test, car cela ne suffit pas.
Tu as une infection qu'on va traiter à moitié à la main. On aura sa peau, remarque.


Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Double-clique combofix.exe afin de l'exécuter et suis les instructions.
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
• Pour plus d'information et un tuto illustré, voici le seul tuto officiel et autorisé : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Je te préparerai ensuite un script pour éliminer ce qui restera.

ComboFix 08-05-25.5 - Francky 2008-05-27 1:16:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.487 [GMT 2:00]
Endroit: C:\Documents and Settings\Francky\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9b630aeb.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\aydfutsw.ini
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cjsfoiad.ini
C:\WINDOWS\system32\cqajnkxq.ini
C:\WINDOWS\system32\DLoUvyxx.ini
C:\WINDOWS\system32\DLoUvyxx.ini2
C:\WINDOWS\system32\dmwjewjd.ini
C:\WINDOWS\system32\drkhmywk.ini
C:\WINDOWS\system32\fbjfnhcb.exe
C:\WINDOWS\system32\fwponilv.ini
C:\WINDOWS\system32\gQYHOXbc.ini
C:\WINDOWS\system32\gQYHOXbc.ini2
C:\WINDOWS\system32\hgGxYsSK.dll
C:\WINDOWS\system32\lachpjup.ini
C:\WINDOWS\system32\layadgqr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnmNExY.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\qoMcbcDv.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\qqtwa.tmp
C:\WINDOWS\system32\rcbhdhya.exe
C:\WINDOWS\system32\rwaxpuvy.ini2
C:\WINDOWS\system32\rwaxpuvy.tmp
C:\WINDOWS\system32\SsYxayxx.ini
C:\WINDOWS\system32\SsYxayxx.ini2
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tripiuvt.ini
C:\WINDOWS\system32\ualyculw.exe
C:\WINDOWS\system32\vkvhtbii.exe
C:\WINDOWS\system32\YFMnTvut.ini
C:\WINDOWS\system32\YFMnTvut.ini2
C:\WINDOWS\system32\yhipjaoe.exe
C:\WINDOWS\system32\YxENmnpo.ini
C:\WINDOWS\system32\YxENmnpo.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.

2008-05-26 23:50 . 2008-05-26 23:51 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-26 22:50 . 2008-05-26 22:50 116,736 --a------ C:\WINDOWS\system32\wstufdya.dll
2008-05-26 00:30 . 2008-05-26 00:30 <REP> d-------- C:\Program Files\Avira
2008-05-26 00:30 . 2008-05-26 00:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-25 23:47 . 2008-05-25 23:47 125,440 --a------ C:\WINDOWS\system32\yfsfixid.dll
2008-05-25 23:46 . 2008-05-25 23:46 370,688 --a------ C:\WINDOWS\system32\xxyaxYsS.VIR
2008-05-25 10:26 . 2008-05-25 10:30 <REP> d-------- C:\Program Files\a-squared Free
2008-05-25 01:16 . 2008-05-25 17:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 01:05 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-25 00:57 . 2008-05-25 01:17 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2008-05-25 00:57 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-25 00:57 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-25 00:57 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-25 00:57 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-25 00:54 . 2008-05-25 17:48 <REP> d-------- C:\Program Files\Spyware Doctor
2008-05-25 00:54 . 2008-05-25 00:54 <REP> d-------- C:\Documents and Settings\Francky\Application Data\PC Tools
2008-05-25 00:54 . 2008-05-25 00:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-25 00:37 . 2008-05-25 00:37 <REP> d-------- C:\fsaua.data
2008-05-24 23:44 . 2008-05-24 23:44 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-24 23:40 . 2008-04-13 11:23 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-05-24 23:36 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002910_.tmp
2008-05-24 23:29 . 2008-05-24 23:29 <REP> d-------- C:\WINDOWS\EHome
2008-05-24 23:04 . 2008-05-24 23:04 36,152,225 --a------ C:\WINDOWS\LPT$VPN.295
2008-05-24 23:03 . 2008-05-24 23:04 36,152,225 --a------ C:\WINDOWS\VPTNFILE.295
2008-05-24 23:02 . 2008-05-24 23:04 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-20 21:27 . 2008-05-20 21:27 <REP> d-------- C:\Documents and Settings\Francky\Application Data\TaoUSign
2008-05-18 23:21 . 2008-05-18 23:21 <REP> d-------- C:\Program Files\SoftChris
2008-05-17 23:23 . 2008-05-17 23:23 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-12 18:20 . 2008-05-12 18:22 <REP> d-------- C:\Program Files\PhotomatixPro3
2008-05-12 11:53 . 2008-05-17 23:05 <REP> d-------- C:\Program Files\Artizen HDR
2008-05-04 22:04 . 2008-05-06 23:27 <REP> d-------- C:\Documents and Settings\Francky\Application Data\skypePM
2008-05-04 22:04 . 2008-05-04 22:04 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-04 22:03 . 2008-05-06 23:51 <REP> d-------- C:\Documents and Settings\Francky\Application Data\Skype
2008-05-04 22:02 . 2008-05-04 22:02 <REP> d-------- C:\Program Files\Skype
2008-05-04 22:02 . 2008-05-04 22:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-04 22:02 . 2008-05-04 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-03 07:16 . 2008-05-03 07:16 <REP> d-------- C:\Documents and Settings\Francky\Application Data\ItsLabel
2008-05-01 22:57 . 2008-05-01 22:57 <REP> d-------- C:\Documents and Settings\Francky\Application Data\Media Player Classic
2008-05-01 22:57 . 2008-05-01 22:58 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-01 22:56 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-01 22:55 . 2008-05-01 22:55 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-01 22:55 . 2007-09-28 17:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-05-01 22:55 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-01 22:55 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-01 22:55 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-01 22:55 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-01 22:55 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-01 19:05 . 2008-05-01 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 23:26 --------- d-----w C:\Documents and Settings\Francky\Application Data\WTablet
2008-05-26 20:41 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-05-26 19:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-05-26 19:42 --------- d-----w C:\Program Files\McAfee
2008-05-24 21:04 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-24 21:04 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-24 21:04 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-05-24 21:04 1,213,784 -c--a-w C:\WINDOWS\vsapi32.dll
2008-05-24 21:02 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-05-24 21:02 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-05-24 21:02 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-05-23 22:41 --------- d-----w C:\Documents and Settings\Francky\Application Data\Azureus
2008-05-17 21:25 --------- d-----w C:\Program Files\Lavasoft
2008-05-17 21:05 --------- d-----w C:\Program Files\adslTV
2008-05-17 21:05 --------- d-----w C:\Documents and Settings\Francky\Application Data\vlc
2008-05-17 21:03 --------- d-----w C:\Program Files\Mobipocket.com
2008-05-17 21:02 --------- d-----w C:\Program Files\palmOne
2008-05-17 19:56 --------- d-----w C:\Program Files\SopCast
2008-05-17 10:19 --------- d-----w C:\Program Files\Winamp
2008-05-05 17:06 --------- d-----w C:\Program Files\Bonjour
2008-05-05 16:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 06:30 --------- d-----w C:\Program Files\Fichiers communs\Mobipocket Shared
2008-05-03 06:29 --------- d-----w C:\Program Files\Konvertor
2008-05-03 06:28 --------- d-----w C:\Program Files\FripTV-Orange
2008-05-03 06:26 --------- d-----w C:\Program Files\eoRezo
2008-05-03 06:26 --------- d-----w C:\Documents and Settings\Francky\Application Data\EoRezo
2008-05-01 20:54 --------- d-----w C:\Program Files\DivX
2008-05-01 17:07 --------- d-----w C:\Program Files\Azureus
2008-04-24 20:39 --------- d-----w C:\Program Files\Panda Security
2008-04-24 19:45 --------- d-----w C:\Program Files\Windows Live
2008-04-24 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 17:42 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-24 17:26 --------- d-----w C:\Program Files\Hercules
2008-04-16 19:58 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-16 19:58 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-16 18:36 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-04-13 17:34 70,656 ----a-w C:\WINDOWS\notepad.exe
2008-04-13 17:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-13 17:34 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-13 17:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-13 17:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-13 17:34 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-13 17:34 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-13 17:34 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-13 17:34 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-13 17:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 17:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 17:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 17:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 17:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 17:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 17:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 17:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 17:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 17:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-13 17:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 17:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 17:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 17:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 17:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:55 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBB5D7D7-AE2E-44FB-938A-D4B20912277E}]
C:\WINDOWS\system32\xxyaxYsS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BM9b630aeb"="C:\WINDOWS\system32\yfsfixid.dll" [2008-05-25 23:47 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkh]
rqromkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FripTV-Orange\\friptv.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8200:UDP"= 8200:UDP:VLC

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 00:07]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 13:17]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2006-03-22 03:36]
R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-21 01:29]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
S2 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2004-03-02 04:07]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 13:31]
S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2004-03-02 04:07]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 13:17]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\PARTIE_ROM\DIDOU.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{912F0565-6FE3-27B5-530D-01B5C4F2BEC8}]
C:\WINDOWS:services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A2654057-2429-2288-5E75-E381D015515B}]
C:\Program Files\System\svchost.exe s
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-03 19:57:32 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-30 23:00:31 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-26 23:31:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 01:28:40
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\WINDOWS\BM9b630aeb.xml

Scan termin‚ avec succŠs
Les fichiers cach‚s: 1

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> C:\WINDOWS\system32\yfsfixid.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-27 1:38:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 23:37:29

Pre-Run: 138,624,573,440 octets libres
Post-Run: 138,599,829,504 octets libres

350 --- E O F --- 2008-05-23 17:23:13


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:41:36, on 27/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Francky\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EBB5D7D7-AE2E-44FB-938A-D4B20912277E} - C:\WINDOWS\system32\xxyaxYsS.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM9b630aeb] Rundll32.exe "C:\WINDOWS\system32\yfsfixid.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4667564125
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: rqromkh - rqromkh.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9424 bytes

bonjour

j'ai fait la manip mais je n'ai pas de choix quand la fenetre s"ouvre, je n'ai soit 1 OU 2 il scan directement et me refait la même manip qu4AVANT

Pas de choix 1 ou 2

Voici le log après manip (je ne sais pas si cela à fonctionner ou pas, car je n'ai pas eu les choix que tu as cité (1 ou 2) Merci

ComboFix 08-05-25.5 - Francky 2008-05-27 13:57:51.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.472 [GMT 2:00]
Endroit: C:\Documents and Settings\Francky\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Francky\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\fsaua.data
C:\WINDOWS\002910_.tmp
C:\WINDOWS\system32\xxyaxYsS.VIR
C:\WINDOWS\system32\yfsfixid.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9b630aeb.xml

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.

2008-05-26 23:50 . 2008-05-26 23:51 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-26 22:50 . 2008-05-26 22:50 116,736 --a------ C:\WINDOWS\system32\wstufdya.dll
2008-05-26 00:30 . 2008-05-26 00:30 <REP> d-------- C:\Program Files\Avira
2008-05-26 00:30 . 2008-05-26 00:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-25 10:26 . 2008-05-25 10:30 <REP> d-------- C:\Program Files\a-squared Free
2008-05-25 01:16 . 2008-05-25 17:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 01:05 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-25 00:57 . 2008-05-25 01:17 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools
2008-05-25 00:57 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-25 00:57 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-25 00:57 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-25 00:57 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-25 00:54 . 2008-05-25 17:48 <REP> d-------- C:\Program Files\Spyware Doctor
2008-05-25 00:54 . 2008-05-25 00:54 <REP> d-------- C:\Documents and Settings\Francky\Application Data\PC Tools
2008-05-25 00:54 . 2008-05-25 00:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-25 00:37 . 2008-05-25 00:37 <REP> d-------- C:\fsaua.data
2008-05-24 23:44 . 2008-05-24 23:44 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-05-24 23:40 . 2008-04-13 11:23 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-05-24 23:29 . 2008-05-24 23:29 <REP> d-------- C:\WINDOWS\EHome
2008-05-24 23:04 . 2008-05-24 23:04 36,152,225 --a------ C:\WINDOWS\LPT$VPN.295
2008-05-24 23:03 . 2008-05-24 23:04 36,152,225 --a------ C:\WINDOWS\VPTNFILE.295
2008-05-24 23:02 . 2008-05-24 23:04 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-20 21:27 . 2008-05-20 21:27 <REP> d-------- C:\Documents and Settings\Francky\Application Data\TaoUSign
2008-05-18 23:21 . 2008-05-18 23:21 <REP> d-------- C:\Program Files\SoftChris
2008-05-17 23:23 . 2008-05-17 23:23 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-12 18:20 . 2008-05-12 18:22 <REP> d-------- C:\Program Files\PhotomatixPro3
2008-05-12 11:53 . 2008-05-17 23:05 <REP> d-------- C:\Program Files\Artizen HDR
2008-05-04 22:04 . 2008-05-06 23:27 <REP> d-------- C:\Documents and Settings\Francky\Application Data\skypePM
2008-05-04 22:04 . 2008-05-04 22:04 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-04 22:03 . 2008-05-06 23:51 <REP> d-------- C:\Documents and Settings\Francky\Application Data\Skype
2008-05-04 22:02 . 2008-05-04 22:02 <REP> d-------- C:\Program Files\Skype
2008-05-04 22:02 . 2008-05-04 22:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-04 22:02 . 2008-05-04 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-03 07:16 . 2008-05-03 07:16 <REP> d-------- C:\Documents and Settings\Francky\Application Data\ItsLabel
2008-05-01 22:57 . 2008-05-01 22:57 <REP> d-------- C:\Documents and Settings\Francky\Application Data\Media Player Classic
2008-05-01 22:57 . 2008-05-01 22:58 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-01 22:56 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-01 22:55 . 2008-05-01 22:55 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-01 22:55 . 2007-09-28 17:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-05-01 22:55 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-01 22:55 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-01 22:55 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-01 22:55 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-01 22:55 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-01 19:05 . 2008-05-01 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 12:04 --------- d-----w C:\Documents and Settings\Francky\Application Data\WTablet
2008-05-27 11:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-05-27 11:04 --------- d-----w C:\Program Files\McAfee
2008-05-26 20:41 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-05-24 21:04 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-24 21:04 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-24 21:04 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-05-24 21:04 1,213,784 -c--a-w C:\WINDOWS\vsapi32.dll
2008-05-24 21:02 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-05-24 21:02 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-05-24 21:02 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-05-23 22:41 --------- d-----w C:\Documents and Settings\Francky\Application Data\Azureus
2008-05-17 21:25 --------- d-----w C:\Program Files\Lavasoft
2008-05-17 21:05 --------- d-----w C:\Program Files\adslTV
2008-05-17 21:05 --------- d-----w C:\Documents and Settings\Francky\Application Data\vlc
2008-05-17 21:03 --------- d-----w C:\Program Files\Mobipocket.com
2008-05-17 21:02 --------- d-----w C:\Program Files\palmOne
2008-05-17 19:56 --------- d-----w C:\Program Files\SopCast
2008-05-17 10:19 --------- d-----w C:\Program Files\Winamp
2008-05-05 17:06 --------- d-----w C:\Program Files\Bonjour
2008-05-05 16:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 06:30 --------- d-----w C:\Program Files\Fichiers communs\Mobipocket Shared
2008-05-03 06:29 --------- d-----w C:\Program Files\Konvertor
2008-05-03 06:28 --------- d-----w C:\Program Files\FripTV-Orange
2008-05-03 06:26 --------- d-----w C:\Program Files\eoRezo
2008-05-03 06:26 --------- d-----w C:\Documents and Settings\Francky\Application Data\EoRezo
2008-05-01 20:54 --------- d-----w C:\Program Files\DivX
2008-05-01 17:07 --------- d-----w C:\Program Files\Azureus
2008-04-24 20:39 --------- d-----w C:\Program Files\Panda Security
2008-04-24 19:45 --------- d-----w C:\Program Files\Windows Live
2008-04-24 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 17:42 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-24 17:26 --------- d-----w C:\Program Files\Hercules
2008-04-16 19:58 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-16 19:58 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-16 18:36 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-04-13 17:33 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 17:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 17:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 17:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 17:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 17:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 17:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 17:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 17:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 17:05 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-13 17:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 17:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 17:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 17:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 17:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:55 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 09:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 09:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-27_ 1.36.59.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 23:28:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 12:02:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-26 21:24:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-27 11:04:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-26 21:24:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-27 11:04:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-26 21:24:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-27 11:04:42 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-27 12:04:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_91c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\FripTV-Orange\\friptv.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8200:UDP"= 8200:UDP:VLC

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 00:07]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 13:17]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2006-03-22 03:36]
R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-21 01:29]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
S1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
S2 0210311211886280mcinstcleanup;McAfee Application Installer Cleanup (0210311211886280);C:\WINDOWS\TEMP\021031~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini []
S2 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2004-03-02 04:07]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 13:31]
S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2004-03-02 04:07]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 13:17]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 11:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\PARTIE_ROM\DIDOU.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{912F0565-6FE3-27B5-530D-01B5C4F2BEC8}]
C:\WINDOWS:services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A2654057-2429-2288-5E75-E381D015515B}]
C:\Program Files\System\svchost.exe s
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-03 19:57:32 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-30 23:00:31 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-27 12:06:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 14:03:46
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-27 14:13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 12:12:11
ComboFix2.txt 2008-05-27 11:56:12
ComboFix3.txt 2008-05-27 11:37:52
ComboFix4.txt 2008-05-26 23:38:28

Pre-Run: 138,533,105,664 octets libres
Post-Run: 138,525,143,040 octets libres

315 --- E O F --- 2008-05-23 17:23:13

bONSOIR quelqu'un peut continuer à m'aider s'il vous plait ? merci

Re (je rentre à l'instant).
Encore des symptômes anormaux ? (je pense que oui, confirme moi stp).

Rends toi sur ce lien : Virus Total

• Clique sur Parcourir
• Rends toi jusque sur ce fichier si tu le trouves :

C:\Program Files\System\svchost.exe

• Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
• Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
• Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
• Une nouvelle fenêtre de ton navigateur va apparaître
• Clique alors sur cette image :
• Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
• Enfin colle le résultat dans ta prochaine réponse.
  Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.

Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.

Merci pour ta réponse, j'ai effectuer un scan via antivir, il y a un fichier vérolé qui ne se delete pas TR/Trash.Gen, il se trouve dans System Volume Information qui est inacessible. Concernant les maux, le seul que je vois c'est lorsque je suis sur internet Firefox, ex : sur google je ne peux pas faire de recherche et certain site sont inaccessible(charge pas)

J'essai de faire la manip que tu m'as indiqué et reviens vers toi

Merci encore de ton aide

Ok, a priori il reste quelques fichiers à virer, mais inactifs.
On va voir ce que raconte virustotal.

@ toute

je ne trouve pas le fichier, il y en a qu'un c'est klog.dat que dois je faire ?

C'est ce fichier là :
C:\Program Files\System\svchost.exe

Tu auras peut-être besoin d'afficher les fichiers cachés, la manip en images :
http://www.libellules.ch/afficher_fichiers.php

j'ai bien effectué toute les manip, je n'ai qu'un fichier dans C:/PROGRAM/SYSTEM/, j'avais déjà effectuer les manips, afficher les fichiers et dossier cachés et autres

Ok, c'est bon signe.

Télécharge MalwareBytes antimalware (MBAM)

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
• Dans l'onglet "mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
• Une fois la mise à jour terminée, rend-toi dans l'onglet "Recherche"
• Sélectionne "Exécuter une analyse approfondie"
• Clique sur "Rechercher"
• Le scan démarre.
• A la fin de l'analyse, un message s'affiche. Clique sur "OK" pour poursuivre.
• Ferme tes navigateurs
• Si des malwares ont été détectés, leur liste s'affiche.
  En cliquant sur Suppression (ou équivalent) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
• MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le

si cela peut aider voici le rapport d'antivir



Avira AntiVir Personal
Report file date: mardi 27 mai 2008 14:22

Scanning for 1292849 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FRANCK

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 22:33:09
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 26/05/2008 22:32:13
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 25/05/2008 22:33:24
AESCN.DLL : 8.1.0.18 119156 Bytes 25/05/2008 22:33:23
AERDL.DLL : 8.1.0.20 418165 Bytes 25/05/2008 22:33:22
AEPACK.DLL : 8.1.1.5 364918 Bytes 25/05/2008 22:33:18
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 25/05/2008 22:33:17
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 25/05/2008 22:33:16
AEHELP.DLL : 8.1.0.14 115063 Bytes 25/05/2008 22:33:14
AEGEN.DLL : 8.1.0.21 303477 Bytes 25/05/2008 22:33:13
AEEMU.DLL : 8.1.0.6 430451 Bytes 25/05/2008 22:33:12
AECORE.DLL : 8.1.0.29 168311 Bytes 25/05/2008 22:33:11
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 27 mai 2008 14:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'YzShadow.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'MagicKey.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'mcsysmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'mcagent.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'msksrver.exe' - '1' Module(s) have been scanned
Scan process 'MpfSrv.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'McProxy.exe' - '1' Module(s) have been scanned
Scan process 'McNASvc.exe' - '1' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned
Scan process 'LogWatNT.exe' - '1' Module(s) have been scanned
Scan process 'DTSRVC.exe' - '1' Module(s) have been scanned
Scan process 'CachemanXP.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\' <445915>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Francky\Bureau\sdfix\SDFix\apps\Process.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\Francky\Mes documents\installprevx102000506.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\QooBox\Quarantine\C\WINDOWS\system32\opnmNExY.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\SIC\Complet\PALM\02 Games\Handmark Tetris 2.0.rar
[0] Archive type: RAR
--> kg\keygen4TetrisClassic10.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\SIC\Complet\PALM\04 Information Managers\ListPro 4.1.rar
[0] Archive type: RAR
--> kg\ListPro_keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48af4578.qua'!
C:\SIC\Complet\PALM\09 Utilities\Math Tablet 2.02.rar
[0] Archive type: RAR
--> kg\keygen4MathTablet202L.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48b045b6.qua'!
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP120\A0029229.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043033.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043034.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043035.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file could not be renamed!
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043036.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043043.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043044.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043045.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043046.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043048.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '486c52ca.qua'!
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP157\A0044154.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '486c53f2.qua'!
Begin scan in 'D:\' <la vida>
D:\MEDIATHEQUE\PROGRAMME PHOTOS, INTERNET & AUTRES\Programme ZIP\DVD PICTURE SHOW\PictureShow\DVDPS_Patch_TC(Archive).exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP138\A0031589.exe
[DETECTION] Contains detection pattern of the worm WORM/Mapson
[NOTE] The file was moved to '486c64dc.qua'!
D:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP807\A0137181.msi
[DETECTION] Is the Trojan horse TR/Virtl.Hideit.A.1
[NOTE] The file was moved to '486d64f7.qua'!
D:\System Volume Information\_restore{CFA66583-F73E-4366-BC2B-617F2115BA69}\RP810\A0137455.msi
[DETECTION] Is the Trojan horse TR/Virtl.Hideit.A.1
[NOTE] The file was moved to '486d64fc.qua'!


End of the scan: mardi 27 mai 2008 21:45
Used time: 7:23:18 min

The scan has been done completely.

18429 Scanning directories
757248 Files were scanned
18 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
757230 Files not concerned
8750 Archives were scanned
14 Warnings
9 Notes

Voici le log de MBAM

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 791

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 274883
Temps écoulé: 10 hour(s), 9 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGxYsSK.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMcbcDv.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\yfsfixid.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP154\A0036073.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP155\A0040762.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP155\A0041771.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP155\A0042936.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP156\A0043050.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP157\A0044128.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP157\A0044129.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP158\A0044217.dll (Trojan.Vundo) -> No action taken.
D:\System Volume Information\_restore{A9484D2B-3F22-42F3-8A6E-5307391C2396}\RP138\A0031585.EXE (Trojan.Agent) -> No action taken.