Trojan.CryptRedol.Gen.2
Solved/Closed
Smurfg
Member, 8 posts, registered Friday 17 July 2009, last active 21 July 2009
17 Jul. 2009 at 12:46
Smurfg - 21 Jul. 2009 at 01:00
12 replies
Narco!4
Contributor, 2385 posts, registered Sunday 25 January 2009, last active 25 October 2012
467
17 Jul. 2009 at 13:03
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click on GenProc.exe and post the contents of the report that opens
Smurfg
Member, 8 posts, registered Friday 17 July 2009, last active 21 July 2009
1
17 Jul. 2009 at 15:03
Sorry, I've just seen the rest.
Rapport GenProc 2.604 [2] - 17/07/2009 à 14:53:04
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\WINDOWS\System32\hjgruidptaswuu.dat
C:\WINDOWS\System32\hjgruijwqjthve.dat
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:55, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Securite\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
C:\WINDOWS\System32\svchost.exe
D:\INTERNET\JAVA\JRE6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
D:\Utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Securite\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Securite\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\DitExp.exe
D:\INTERNET\JAVA\JRE6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
D:\Bureau\PaperPort\pptd40nt.exe
D:\Bureau\PDF Create 5\pdfcreate5hook.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
D:\Securite\Raxco\PD91Agent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Utilitaires\vista\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
D:\Securite\Ecarte\ecbl-lcl.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
D:\Internet\MailWasher Pro\MailWasher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Documents and Settings\Gendy\Mes documents\Mes fichiers reçus\Nouveau dossier\avis_gmer\AVIS\AVIS\AVIS.exe
C:\DOCUME~1\Gendy\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Gendy\Mes documents\Mes fichiers reçus\Nouveau dossier\avis_gmer\gmer\gmer.exe
D:\Internet\Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\GenProc\outil\Gendy_GenProc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Securite\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\INTERNET\JAVA\JRE6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\INTERNET\JAVA\JRE6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MultiScreen] C:\Program Files\MagicTune Premium\Multiscreen\MultiScreen.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Securite\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Securite\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\INTERNET\JAVA\JRE6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Bureau\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Bureau\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PDFHook] D:\Bureau\PDF Create 5\pdfcreate5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] D:\Bureau\PDF Create 5\RegistryController.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [SIDEBAR] "D:\Utilitaires\vista\Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Utilitaires\vista\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PPScheduler] D:\Bureau\PaperPort\PPScheduler.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = D:\Bureau\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: MailWasherPro.lnk = D:\Internet\MailWasher Pro\MailWasher.exe
O4 - Startup: RocketDock.lnk = D:\Utilitaires\vista\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = D:\Utilitaires\vista\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: e-Carte Bleue LCL.lnk = D:\Securite\Ecarte\ecbl-lcl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: PyGrenouille.lnk = D:\Internet\PyGrenouille\pygrenouille.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Barre RoboForm - file://I:\RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Créer fichier PDF - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\BUREAU\OFFICE\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://I:\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://I:\RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://I:\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\BUREAU\OFFICE\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Securite\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Securite\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - D:\Bureau\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - D:\Bureau\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - D:\Bureau\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Securite\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAcrSch2Svc (a2freeAcrSch2Svc) - Unknown owner - C:\WINDOWS\TEMP\wmxufybwtx.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99408aa0950da) (gupdate1c99408aa0950da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\INTERNET\JAVA\JRE6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Securite\Raxco\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Securite\Raxco\PD91Engine.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Securite\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAcrSch2Svc (a2freeAcrSch2Svc) - Unknown owner - C:\WINDOWS\TEMP\wmxufybwtx.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99408aa0950da) (gupdate1c99408aa0950da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\INTERNET\JAVA\JRE6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Securite\Raxco\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Securite\Raxco\PD91Engine.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Narco!4
17 July 2009 at 15:14
[*] Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
[*] Right-click ComboFix, choose Rename, and rename it to td.exe
[*] Double-click td.exe and follow the instructions.
[*] Install the Recovery Console if offered and continue.
[*] When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Smurfg
17 July 2009 at 14:59
Hello and thanks for your help.
Result given:
Fichier introuvable - LISTEPROCES.TXT
Fichier introuvable - LISTEPROCES.TXT
Fichier introuvable - LISTEPROCES.TXt
Smurfg
17 July 2009 at 15:54
After rebooting following ComboFix, the duplicate entries for my CD drives have disappeared and Windows Disk Management works again, which is already progress. Thanks for that already. And here is the generated file:
ComboFix 09-07-14.08 - Gendy 17/07/2009 15:27.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.251 [GMT 2:00]
Running from: c:\documents and settings\Gendy\Bureau\td.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\146d2f.msi
c:\windows\Installer\1834138.msp
c:\windows\Installer\399004.msp
c:\windows\Installer\6d2d95.msp
c:\windows\patch.exe
c:\windows\system32\hjgruidptaswuu.dat
c:\windows\system32\hjgruijwqjthve.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruixcbpjyot
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-17 12:48 . 2009-07-17 12:52 -------- d-----w- C:\GenProc
2009-07-16 23:32 . 2009-07-16 23:32 -------- d-----w- c:\documents and settings\Gendy\Application Data\Malwarebytes
2009-07-16 23:32 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 23:32 . 2009-07-16 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 23:32 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 23:09 . 2009-07-16 23:09 -------- d-----w- c:\program files\Trend Micro
2009-07-16 19:51 . 2009-07-16 19:51 -------- d-----w- c:\program files\MSECache
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\windows\system32\Adobe
2009-07-14 12:19 . 2009-07-14 12:19 -------- d-----w- c:\documents and settings\Gendy\Local Settings\Application Data\ACD Systems
2009-07-14 12:18 . 2009-07-14 12:18 -------- d-----w- c:\documents and settings\Gendy\Application Data\ACD Systems
2009-07-14 12:17 . 2009-07-14 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-14 12:16 . 2009-07-14 12:17 -------- d-----w- c:\program files\Fichiers communs\ACD Systems
2009-07-14 12:14 . 2009-07-14 12:14 -------- d-----w- c:\documents and settings\Gendy\Local Settings\Application Data\Downloaded Installations
2009-07-11 19:41 . 2009-07-11 19:41 -------- d-----w- c:\program files\Axon Data
2009-07-11 18:38 . 2008-04-10 10:08 71184 ----a-r- c:\windows\system32\drivers\DefragFS.sys
2009-07-11 18:38 . 2009-07-11 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-07-11 11:55 . 2007-08-01 21:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-11 08:14 . 2009-07-11 08:14 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 08:14 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-11 08:13 . 2009-07-11 08:13 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-10 21:54 . 2009-07-11 21:05 -------- d-----w- c:\windows\system32\oodag
2009-07-09 20:55 . 2009-07-09 20:55 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\O&O
2009-06-26 12:52 . 2009-06-26 12:52 -------- d-----w- c:\documents and settings\Gendy\Application Data\NCH Software
2009-06-26 12:49 . 2009-06-26 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-26 12:49 . 2009-06-26 19:56 -------- d-----w- c:\program files\NCH Software
2009-06-26 12:49 . 2009-06-26 12:49 -------- d-----w- c:\documents and settings\Gendy\Application Data\NCH Swift Sound
2009-06-26 12:44 . 2009-06-24 19:02 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-06-26 12:44 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-06-24 19:52 . 2009-06-26 11:54 190848 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-24 19:25 . 2009-06-24 19:25 8854 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
2009-06-24 19:25 . 2009-06-24 19:25 53248 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
2009-06-24 19:25 . 2009-06-24 19:25 53248 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
2009-06-24 19:25 . 2009-06-24 19:25 10134 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe
2009-06-24 19:24 . 2009-06-24 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 13:44 . 2008-12-13 22:08 -------- d-----w- c:\documents and settings\Gendy\Application Data\Desktop Sidebar
2009-07-17 13:41 . 2008-12-24 14:50 -------- d-----w- c:\documents and settings\Gendy\Application Data\MailWasherPro
2009-07-17 13:40 . 2009-06-04 17:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 04:44 . 2009-01-19 18:34 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-16 19:37 . 2009-01-03 22:14 -------- d-----w- c:\documents and settings\Gendy\Application Data\GrabIt
2009-07-15 20:05 . 2009-06-04 17:00 -------- d-----w- c:\documents and settings\Gendy\Application Data\.oit
2009-07-15 16:44 . 2008-12-24 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 16:36 . 2008-12-13 21:20 2035 ----a-w- c:\documents and settings\Gendy\Application Data\SAS7_000.DAT
2009-07-14 12:14 . 2008-12-13 23:19 -------- d-----w- c:\documents and settings\Gendy\Application Data\Azureus
2009-07-14 11:20 . 2009-02-08 12:56 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-07-11 08:14 . 2009-01-12 21:04 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-10 21:26 . 2008-12-13 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 18:57 . 2008-12-29 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-10 12:59 . 2008-12-13 13:38 65536 ----a-w- c:\windows\DUMP856c.tmp
2009-07-09 19:59 . 2009-05-14 19:24 -------- d-----w- c:\program files\ma-config.com
2009-07-09 19:59 . 2008-12-13 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-04 20:06 . 2009-02-22 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-04 19:26 . 2009-02-22 11:01 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-02 12:14 . 2009-05-21 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 12:01 . 2003-04-24 12:00 82256 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-26 12:01 . 2003-04-24 12:00 504788 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-16 17:31 . 2008-12-13 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-16 17:31 . 2008-12-13 19:42 -------- d-----w- c:\program files\Fichiers communs\ScanSoft Shared
2009-06-16 14:40 . 2003-04-24 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2003-04-24 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 18:50 . 2009-06-09 18:50 59256 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-09 18:23 . 2009-02-22 11:05 -------- d-----w- c:\documents and settings\Gendy\Application Data\Nero
2009-06-09 17:52 . 2008-12-29 01:33 -------- d-----w- c:\program files\Google
2009-06-08 18:26 . 2008-12-17 23:06 -------- d-----w- c:\documents and settings\Gendy\Application Data\COWON
2009-06-08 18:26 . 2009-06-08 18:25 -------- d-----w- c:\program files\Fichiers communs\COWON
2009-06-04 18:45 . 2008-12-13 13:15 81784 ----a-w- c:\documents and settings\Gendy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 18:45 . 2009-06-04 17:08 8224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 18:29 . 2009-06-04 18:29 -------- d-----w- c:\documents and settings\Gendy\Application Data\FLEXnet
2009-06-04 17:46 . 2008-12-14 00:45 -------- d-----w- c:\documents and settings\Gendy\Application Data\ScanSoft
2009-06-04 17:38 . 2008-12-13 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2009-06-04 17:37 . 2009-06-04 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-04 17:37 . 2008-12-13 19:44 -------- d-----w- c:\documents and settings\Gendy\Application Data\Nuance
2009-06-04 17:35 . 2009-06-04 17:35 -------- d-----w- c:\program files\Nuance
2009-06-04 17:35 . 2008-12-13 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-04 17:28 . 2008-12-14 00:44 -------- d-----w- c:\program files\ScanSoft
2009-06-04 17:07 . 2009-02-18 20:50 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-03 19:10 . 2003-04-24 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 21:49 . 2009-06-01 21:49 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-31 08:55 . 2009-05-31 08:51 -------- d-----w- c:\documents and settings\Gendy\Application Data\U3
2009-05-25 18:32 . 2009-03-17 20:19 1801 ----a-w- c:\documents and settings\All Users\Application Data\xml12D.tmp
2009-05-25 18:32 . 2009-03-17 20:19 13432 ----a-w- c:\documents and settings\All Users\Application Data\xml12B.tmp
2009-05-22 09:32 . 2008-12-13 17:53 1 ----a-w- c:\documents and settings\Gendy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-20 18:59 . 2008-12-24 16:19 -------- d-----w- c:\program files\Microsoft Works
2009-05-15 06:02 . 2009-05-15 06:02 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-05-14 13:20 . 2009-05-14 18:48 2645832 ----a-w- c:\documents and settings\Gendy\Application Data\Mozilla\Firefox\Profiles\rr8glrr7.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-07 15:33 . 2003-04-24 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 20:14 . 2009-02-08 12:58 49152 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-05-06 20:13 . 2009-02-08 12:58 335872 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-05-03 17:15 . 2009-05-03 17:15 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-03 17:14 . 2009-05-03 17:14 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:45 . 2003-04-24 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2008-12-13 13:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 20:21 . 2009-04-21 20:21 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-04-19 19:50 . 2003-04-24 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SIDEBAR"="d:\utilitaires\vista\Sidebar\dsidebar.exe" [2006-07-09 1777664]
"msnmsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"RocketDock"="d:\utilitaires\vista\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"PPScheduler"="d:\bureau\PaperPort\PPScheduler.exe" [2008-05-09 98304]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-12 156416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"MultiScreen"="c:\program files\MagicTune Premium\Multiscreen\MultiScreen.exe" [2008-02-22 114688]
"TrueImageMonitor.exe"="d:\securite\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]
"AcronisTimounterMonitor"="d:\securite\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"Nikon Transfer Monitor"="c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"SunJavaUpdateSched"="d:\internet\JAVA\JRE6\bin\jusched.exe" [2009-03-09 148888]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-16 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-16 69632]
"PaperPort PTD"="d:\bureau\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="d:\bureau\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PDFHook"="d:\bureau\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]
"PDF5 Registry Controller"="d:\bureau\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2002-08-28 73728]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Gendy\Menu Démarrer\Programmes\Démarrage\
Dragon NaturallySpeaking.lnk - d:\bureau\NaturallySpeaking9\Program\natspeak.exe [2007-5-14 2524776]
MailWasherPro.lnk - d:\internet\MailWasher Pro\MailWasher.exe [2008-10-14 18202840]
RocketDock.lnk - d:\utilitaires\vista\Vista Inspirat 2\RocketDock\RocketDock.exe [2008-12-14 630784]
TransBar.lnk - d:\utilitaires\vista\Vista Inspirat 2\TransBar\TransBar.exe [2008-12-14 65536]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
e-Carte Bleue LCL.lnk - d:\securite\Ecarte\ecbl-lcl.exe [2008-12-27 278528]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-2-1 36864]
PyGrenouille.lnk - d:\internet\PyGrenouille\pygrenouille.exe [2009-1-4 83968]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="d:\bureau\Adobe\Acrobat\Acrobat_sl.exe"
"DNS7reminder"="d:\bureau\NaturallySpeaking9\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
"Acrobat Assistant 8.0"="d:\bureau\Adobe\Acrobat\Acrotray.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Bureau\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Multimedia\\HomePlayer\\HomePlayer.exe"=
"d:\\Multimedia\\HomePlayer\\VLC\\vlc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [04/09/2008 17:33 82696]
R2 PD91Agent;PD91Agent;d:\securite\Raxco\PD91Agent.exe [22/04/2008 12:21 689416]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11/07/2009 10:14 603904]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [17/10/2008 15:01 104328]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [13/12/2008 14:55 24704]
S2 a2freeAcrSch2Svc;a-squared Free Service a2freeAcrSch2Svc;c:\windows\TEMP\wmxufybwtx.exe service --> c:\windows\TEMP\wmxufybwtx.exe service [?]
S2 gupdate1c99408aa0950da;Google Update Service (gupdate1c99408aa0950da);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 11:42 133104]
S2 ppcdufbqhkp;ppcdufbqhkp;\??\c:\windows\system32\drivers\lyctogy.sys --> c:\windows\system32\drivers\lyctogy.sys [?]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [13/12/2008 22:45 223232]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [07/02/2009 16:56 13224]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 PD91Engine;PD91Engine;d:\securite\Raxco\PD91Engine.exe [22/04/2008 12:21 894216]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [17/03/2009 22:16 98488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 09:41]
2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 09:41]
2008-12-13 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2008-08-21 10:16]
2009-07-17 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 13:04]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Ajouter le contenu du lien à un fichier PDF existant - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barre RoboForm - file://i:\roboform\RoboFormComShowToolbar.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Créer des fichiers PDF à partir des liens sélectionnés - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Créer fichier PDF - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Créer un fichier PDF depuis le contenu du lien - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: E&xporter vers Microsoft Excel - d:\bureau\OFFICE\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://i:\roboform\RoboFormComSavePass.html
IE: Personnaliser le menu - file://i:\roboform\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://i:\roboform\RoboFormComFillForms.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Gendy\Application Data\Mozilla\Firefox\Profiles\rr8glrr7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://voila.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: d:\internet\FIREFOX\components\FFComm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\bureau\Adobe\Acrobat\browser\nppdf32.dll
FF - plugin: d:\bureau\ADOBE\ACROBAT\browser\nppdf32.dll
FF - plugin: d:\internet\Firefox\plugins\np-mswmp.dll
FF - plugin: d:\internet\Firefox\plugins\npornap.dll
FF - plugin: d:\internet\JAVA\JRE6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\internet\JAVA\JRE6\bin\new_plugin\npjp2.dll
FF - plugin: d:\photos\Picasa3\npPicasa3.dll
FF - plugin: d:\utilitaires\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\internet\FIREFOX\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\internet\FIREFOX\greprefs\all.js - pref("media.cache_size", 51200);
d:\internet\FIREFOX\greprefs\all.js - pref("media.ogg.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("media.wave.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\internet\FIREFOX\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\internet\FIREFOX\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\internet\FIREFOX\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\internet\FIREFOX\greprefs\all.js - pref("layout.css.dpi", -1);
d:\internet\FIREFOX\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\internet\FIREFOX\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\internet\FIREFOX\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\internet\FIREFOX\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\internet\FIREFOX\greprefs\all.js - pref("geo.enabled", true);
d:\internet\FIREFOX\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\internet\FIREFOX\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\internet\FIREFOX\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 15:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(372)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(5820)
c:\windows\system32\SHDOCVW.dll
d:\utilitaires\vista\RocketDock\RocketDock.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
d:\securite\SPYBOT~1\SDHelper.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
d:\securite\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
d:\internet\Java\JRE6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
d:\utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\DitExp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
d:\internet\Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-07-17 15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 13:51
Pre-Run: 30 814 126 080 octets libres
Post-Run: 30 717 865 984 octets libres
385 --- E O F --- 2009-07-15 16:45
ComboFix 09-07-14.08 - Gendy 17/07/2009 15:27.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.251 [GMT 2:00]
Running from: c:\documents and settings\Gendy\Bureau\td.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\146d2f.msi
c:\windows\Installer\1834138.msp
c:\windows\Installer\399004.msp
c:\windows\Installer\6d2d95.msp
c:\windows\patch.exe
c:\windows\system32\hjgruidptaswuu.dat
c:\windows\system32\hjgruijwqjthve.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruixcbpjyot
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-17 12:48 . 2009-07-17 12:52 -------- d-----w- C:\GenProc
2009-07-16 23:32 . 2009-07-16 23:32 -------- d-----w- c:\documents and settings\Gendy\Application Data\Malwarebytes
2009-07-16 23:32 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 23:32 . 2009-07-16 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 23:32 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 23:09 . 2009-07-16 23:09 -------- d-----w- c:\program files\Trend Micro
2009-07-16 19:51 . 2009-07-16 19:51 -------- d-----w- c:\program files\MSECache
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\windows\system32\Adobe
2009-07-14 12:19 . 2009-07-14 12:19 -------- d-----w- c:\documents and settings\Gendy\Local Settings\Application Data\ACD Systems
2009-07-14 12:18 . 2009-07-14 12:18 -------- d-----w- c:\documents and settings\Gendy\Application Data\ACD Systems
2009-07-14 12:17 . 2009-07-14 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-14 12:16 . 2009-07-14 12:17 -------- d-----w- c:\program files\Fichiers communs\ACD Systems
2009-07-14 12:14 . 2009-07-14 12:14 -------- d-----w- c:\documents and settings\Gendy\Local Settings\Application Data\Downloaded Installations
2009-07-11 19:41 . 2009-07-11 19:41 -------- d-----w- c:\program files\Axon Data
2009-07-11 18:38 . 2008-04-10 10:08 71184 ----a-r- c:\windows\system32\drivers\DefragFS.sys
2009-07-11 18:38 . 2009-07-11 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-07-11 11:55 . 2007-08-01 21:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-11 08:14 . 2009-07-11 08:14 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 08:14 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-11 08:13 . 2009-07-11 08:13 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-10 21:54 . 2009-07-11 21:05 -------- d-----w- c:\windows\system32\oodag
2009-07-09 20:55 . 2009-07-09 20:55 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\O&O
2009-06-26 12:52 . 2009-06-26 12:52 -------- d-----w- c:\documents and settings\Gendy\Application Data\NCH Software
2009-06-26 12:49 . 2009-06-26 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-26 12:49 . 2009-06-26 19:56 -------- d-----w- c:\program files\NCH Software
2009-06-26 12:49 . 2009-06-26 12:49 -------- d-----w- c:\documents and settings\Gendy\Application Data\NCH Swift Sound
2009-06-26 12:44 . 2009-06-24 19:02 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-06-26 12:44 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-06-24 19:52 . 2009-06-26 11:54 190848 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-24 19:25 . 2009-06-24 19:25 8854 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
2009-06-24 19:25 . 2009-06-24 19:25 53248 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
2009-06-24 19:25 . 2009-06-24 19:25 53248 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
2009-06-24 19:25 . 2009-06-24 19:25 10134 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}\ARPPRODUCTICON.exe
2009-06-24 19:24 . 2009-06-24 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 13:44 . 2008-12-13 22:08 -------- d-----w- c:\documents and settings\Gendy\Application Data\Desktop Sidebar
2009-07-17 13:41 . 2008-12-24 14:50 -------- d-----w- c:\documents and settings\Gendy\Application Data\MailWasherPro
2009-07-17 13:40 . 2009-06-04 17:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 04:44 . 2009-01-19 18:34 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-16 19:37 . 2009-01-03 22:14 -------- d-----w- c:\documents and settings\Gendy\Application Data\GrabIt
2009-07-15 20:05 . 2009-06-04 17:00 -------- d-----w- c:\documents and settings\Gendy\Application Data\.oit
2009-07-15 16:44 . 2008-12-24 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 16:36 . 2008-12-13 21:20 2035 ----a-w- c:\documents and settings\Gendy\Application Data\SAS7_000.DAT
2009-07-14 12:14 . 2008-12-13 23:19 -------- d-----w- c:\documents and settings\Gendy\Application Data\Azureus
2009-07-14 11:20 . 2009-02-08 12:56 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-07-11 08:14 . 2009-01-12 21:04 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-10 21:26 . 2008-12-13 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 18:57 . 2008-12-29 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-10 12:59 . 2008-12-13 13:38 65536 ----a-w- c:\windows\DUMP856c.tmp
2009-07-09 19:59 . 2009-05-14 19:24 -------- d-----w- c:\program files\ma-config.com
2009-07-09 19:59 . 2008-12-13 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-04 20:06 . 2009-02-22 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-04 19:26 . 2009-02-22 11:01 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-02 12:14 . 2009-05-21 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 12:01 . 2003-04-24 12:00 82256 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-26 12:01 . 2003-04-24 12:00 504788 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-16 17:31 . 2008-12-13 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-16 17:31 . 2008-12-13 19:42 -------- d-----w- c:\program files\Fichiers communs\ScanSoft Shared
2009-06-16 14:40 . 2003-04-24 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2003-04-24 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 18:50 . 2009-06-09 18:50 59256 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-09 18:23 . 2009-02-22 11:05 -------- d-----w- c:\documents and settings\Gendy\Application Data\Nero
2009-06-09 17:52 . 2008-12-29 01:33 -------- d-----w- c:\program files\Google
2009-06-08 18:26 . 2008-12-17 23:06 -------- d-----w- c:\documents and settings\Gendy\Application Data\COWON
2009-06-08 18:26 . 2009-06-08 18:25 -------- d-----w- c:\program files\Fichiers communs\COWON
2009-06-04 18:45 . 2008-12-13 13:15 81784 ----a-w- c:\documents and settings\Gendy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 18:45 . 2009-06-04 17:08 8224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 18:29 . 2009-06-04 18:29 -------- d-----w- c:\documents and settings\Gendy\Application Data\FLEXnet
2009-06-04 17:46 . 2008-12-14 00:45 -------- d-----w- c:\documents and settings\Gendy\Application Data\ScanSoft
2009-06-04 17:38 . 2008-12-13 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2009-06-04 17:37 . 2009-06-04 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-04 17:37 . 2008-12-13 19:44 -------- d-----w- c:\documents and settings\Gendy\Application Data\Nuance
2009-06-04 17:35 . 2009-06-04 17:35 -------- d-----w- c:\program files\Nuance
2009-06-04 17:35 . 2008-12-13 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-04 17:28 . 2008-12-14 00:44 -------- d-----w- c:\program files\ScanSoft
2009-06-04 17:07 . 2009-02-18 20:50 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-03 19:10 . 2003-04-24 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 21:49 . 2009-06-01 21:49 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-31 08:55 . 2009-05-31 08:51 -------- d-----w- c:\documents and settings\Gendy\Application Data\U3
2009-05-25 18:32 . 2009-03-17 20:19 1801 ----a-w- c:\documents and settings\All Users\Application Data\xml12D.tmp
2009-05-25 18:32 . 2009-03-17 20:19 13432 ----a-w- c:\documents and settings\All Users\Application Data\xml12B.tmp
2009-05-22 09:32 . 2008-12-13 17:53 1 ----a-w- c:\documents and settings\Gendy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-20 18:59 . 2008-12-24 16:19 -------- d-----w- c:\program files\Microsoft Works
2009-05-15 06:02 . 2009-05-15 06:02 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-05-14 13:20 . 2009-05-14 18:48 2645832 ----a-w- c:\documents and settings\Gendy\Application Data\Mozilla\Firefox\Profiles\rr8glrr7.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-07 15:33 . 2003-04-24 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 20:14 . 2009-02-08 12:58 49152 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-05-06 20:13 . 2009-02-08 12:58 335872 ----a-r- c:\documents and settings\Gendy\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-05-03 17:15 . 2009-05-03 17:15 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-03 17:14 . 2009-05-03 17:14 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:45 . 2003-04-24 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2008-12-13 13:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 20:21 . 2009-04-21 20:21 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-04-19 19:50 . 2003-04-24 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SIDEBAR"="d:\utilitaires\vista\Sidebar\dsidebar.exe" [2006-07-09 1777664]
"msnmsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"RocketDock"="d:\utilitaires\vista\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"PPScheduler"="d:\bureau\PaperPort\PPScheduler.exe" [2008-05-09 98304]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-12 156416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"MultiScreen"="c:\program files\MagicTune Premium\Multiscreen\MultiScreen.exe" [2008-02-22 114688]
"TrueImageMonitor.exe"="d:\securite\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]
"AcronisTimounterMonitor"="d:\securite\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"Nikon Transfer Monitor"="c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"SunJavaUpdateSched"="d:\internet\JAVA\JRE6\bin\jusched.exe" [2009-03-09 148888]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-16 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-16 69632]
"PaperPort PTD"="d:\bureau\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="d:\bureau\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PDFHook"="d:\bureau\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]
"PDF5 Registry Controller"="d:\bureau\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2002-08-28 73728]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-07-28 323584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Gendy\Menu D‚marrer\Programmes\D‚marrage\
Dragon NaturallySpeaking.lnk - d:\bureau\NaturallySpeaking9\Program\natspeak.exe [2007-5-14 2524776]
MailWasherPro.lnk - d:\internet\MailWasher Pro\MailWasher.exe [2008-10-14 18202840]
RocketDock.lnk - d:\utilitaires\vista\Vista Inspirat 2\RocketDock\RocketDock.exe [2008-12-14 630784]
TransBar.lnk - d:\utilitaires\vista\Vista Inspirat 2\TransBar\TransBar.exe [2008-12-14 65536]
c:\documents and settings\Gendy\Menu D‚marrer\Programmes\D‚marrage\
Dragon NaturallySpeaking.lnk - d:\bureau\NaturallySpeaking9\Program\natspeak.exe [2007-5-14 2524776]
MailWasherPro.lnk - d:\internet\MailWasher Pro\MailWasher.exe [2008-10-14 18202840]
RocketDock.lnk - d:\utilitaires\vista\Vista Inspirat 2\RocketDock\RocketDock.exe [2008-12-14 630784]
TransBar.lnk - d:\utilitaires\vista\Vista Inspirat 2\TransBar\TransBar.exe [2008-12-14 65536]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
e-Carte Bleue LCL.lnk - d:\securite\Ecarte\ecbl-lcl.exe [2008-12-27 278528]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-2-1 36864]
PyGrenouille.lnk - d:\internet\PyGrenouille\pygrenouille.exe [2009-1-4 83968]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="d:\bureau\Adobe\Acrobat\Acrobat_sl.exe"
"DNS7reminder"="d:\bureau\NaturallySpeaking9\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
"Acrobat Assistant 8.0"="d:\bureau\Adobe\Acrobat\Acrotray.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Bureau\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Multimedia\\HomePlayer\\HomePlayer.exe"=
"d:\\Multimedia\\HomePlayer\\VLC\\vlc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [04/09/2008 17:33 82696]
R2 PD91Agent;PD91Agent;d:\securite\Raxco\PD91Agent.exe [22/04/2008 12:21 689416]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11/07/2009 10:14 603904]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [17/10/2008 15:01 104328]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [13/12/2008 14:55 24704]
S2 a2freeAcrSch2Svc;a-squared Free Service a2freeAcrSch2Svc;c:\windows\TEMP\wmxufybwtx.exe service --> c:\windows\TEMP\wmxufybwtx.exe service [?]
S2 gupdate1c99408aa0950da;Google Update Service (gupdate1c99408aa0950da);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 11:42 133104]
S2 ppcdufbqhkp;ppcdufbqhkp;\??\c:\windows\system32\drivers\lyctogy.sys --> c:\windows\system32\drivers\lyctogy.sys [?]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [13/12/2008 22:45 223232]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [07/02/2009 16:56 13224]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 PD91Engine;PD91Engine;d:\securite\Raxco\PD91Engine.exe [22/04/2008 12:21 894216]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [17/03/2009 22:16 98488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 09:41]
2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 09:41]
2008-12-13 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2008-08-21 10:16]
2009-07-17 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 13:04]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Ajouter le contenu du lien à un fichier PDF existant - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barre RoboForm - file://i:\roboform\RoboFormComShowToolbar.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Créer des fichiers PDF à partir des liens sélectionnés - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Créer fichier PDF - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Créer un fichier PDF depuis le contenu du lien - d:\bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: E&xporter vers Microsoft Excel - d:\bureau\OFFICE\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://i:\roboform\RoboFormComSavePass.html
IE: Personnaliser le menu - file://i:\roboform\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://i:\roboform\RoboFormComFillForms.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Gendy\Application Data\Mozilla\Firefox\Profiles\rr8glrr7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://voila.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: d:\internet\FIREFOX\components\FFComm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\bureau\Adobe\Acrobat\browser\nppdf32.dll
FF - plugin: d:\bureau\ADOBE\ACROBAT\browser\nppdf32.dll
FF - plugin: d:\internet\Firefox\plugins\np-mswmp.dll
FF - plugin: d:\internet\Firefox\plugins\npornap.dll
FF - plugin: d:\internet\JAVA\JRE6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\internet\JAVA\JRE6\bin\new_plugin\npjp2.dll
FF - plugin: d:\photos\Picasa3\npPicasa3.dll
FF - plugin: d:\utilitaires\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\internet\FIREFOX\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\internet\FIREFOX\greprefs\all.js - pref("media.cache_size", 51200);
d:\internet\FIREFOX\greprefs\all.js - pref("media.ogg.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("media.wave.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\internet\FIREFOX\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\internet\FIREFOX\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\internet\FIREFOX\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\internet\FIREFOX\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\internet\FIREFOX\greprefs\all.js - pref("layout.css.dpi", -1);
d:\internet\FIREFOX\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\internet\FIREFOX\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\internet\FIREFOX\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\internet\FIREFOX\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\internet\FIREFOX\greprefs\all.js - pref("geo.enabled", true);
d:\internet\FIREFOX\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\internet\FIREFOX\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\internet\FIREFOX\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\internet\FIREFOX\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 15:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(372)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(5820)
c:\windows\system32\SHDOCVW.dll
d:\utilitaires\vista\RocketDock\RocketDock.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
d:\securite\SPYBOT~1\SDHelper.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
d:\securite\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
d:\internet\Java\JRE6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
d:\utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\DitExp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
d:\internet\Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-07-17 15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 13:51
Pre-Run: 30 814 126 080 octets libres
Post-Run: 30 717 865 984 octets libres
385 --- E O F --- 2009-07-15 16:45
Smurfg - 17 July 2009 at 16:12
In any case, the problem may not be completely resolved yet, but I'm seeing a real recovery in my programs: Partition Magic works again. In any event, a big thank you for the improvements so far.
Narco!4 - 17 July 2009 at 16:13
Run GenProc again and post the report.
Smurfg - 17 July 2009 at 17:43
Rapport GenProc 2.604 [4] - 17/07/2009 à 16:54:25
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (7.0.5730.13) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:20, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Securite\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
C:\WINDOWS\System32\svchost.exe
D:\INTERNET\JAVA\JRE6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
D:\Utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
D:\Securite\Raxco\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Dit.exe
D:\Securite\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
D:\Securite\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\DitExp.exe
D:\INTERNET\JAVA\JRE6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\System32\TUProgSt.exe
D:\Bureau\PaperPort\pptd40nt.exe
D:\Bureau\PDF Create 5\pdfcreate5hook.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Utilitaires\vista\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
D:\Internet\PyGrenouille\pygrenouille.exe
D:\Internet\MailWasher Pro\MailWasher.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\Internet\Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Gendy_GenProc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Securite\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\INTERNET\JAVA\JRE6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\INTERNET\JAVA\JRE6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MultiScreen] C:\Program Files\MagicTune Premium\Multiscreen\MultiScreen.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Securite\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Securite\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\INTERNET\JAVA\JRE6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "D:\Bureau\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "D:\Bureau\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PDFHook] D:\Bureau\PDF Create 5\pdfcreate5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] D:\Bureau\PDF Create 5\RegistryController.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [SIDEBAR] "D:\Utilitaires\vista\Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Utilitaires\vista\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PPScheduler] D:\Bureau\PaperPort\PPScheduler.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = D:\Bureau\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: MailWasherPro.lnk = D:\Internet\MailWasher Pro\MailWasher.exe
O4 - Startup: RocketDock.lnk = D:\Utilitaires\vista\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = D:\Utilitaires\vista\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: e-Carte Bleue LCL.lnk = D:\Securite\Ecarte\ecbl-lcl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: PyGrenouille.lnk = D:\Internet\PyGrenouille\pygrenouille.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Barre RoboForm - file://I:\RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Créer fichier PDF - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://D:\Bureau\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\BUREAU\OFFICE\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://I:\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://I:\RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://I:\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\BUREAU\OFFICE\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Securite\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Securite\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - D:\Bureau\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - D:\Bureau\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - D:\Bureau\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Securite\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAcrSch2Svc (a2freeAcrSch2Svc) - Unknown owner - C:\WINDOWS\TEMP\wmxufybwtx.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99408aa0950da) (gupdate1c99408aa0950da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\INTERNET\JAVA\JRE6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Securite\Raxco\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Securite\Raxco\PD91Engine.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Utilitaires\vista\Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\BUREAU\OFFICE\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Securite\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Securite\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - D:\Bureau\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - D:\Bureau\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - D:\Bureau\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Securite\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeAcrSch2Svc (a2freeAcrSch2Svc) - Unknown owner - C:\WINDOWS\TEMP\wmxufybwtx.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99408aa0950da) (gupdate1c99408aa0950da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\INTERNET\JAVA\JRE6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Utilitaires\Gravure\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - D:\Securite\Raxco\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - D:\Securite\Raxco\PD91Engine.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Narco!4 (Contributor, 2385 posts), 17 Jul. 2009 at 17:54
Post a Nod32 report https://www.eset.com/ (you need to use Internet Explorer)
- tick all the boxes each time, and when it's finished, paste the report:
- C:\Program Files\EsetOnlineScanner\log.txt
Smurfg (Member, 8 posts), 20 Jul. 2009 at 12:12
Hello
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=d8f0acbafb1de541a098c792a62b4b9a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-19 09:04:42
# local_time=2009-07-19 11:04:42 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2053 21 100 100 103016093750
# scanned=14221
# found=0
# cleaned=0
# scan_time=9372
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=d8f0acbafb1de541a098c792a62b4b9a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-20 06:11:57
# local_time=2009-07-20 08:11:57 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2053 21 100 100 332496406250
# scanned=99263
# found=1
# cleaned=1
# scan_time=32763
C:\Documents and Settings\Gendy\Mes documents\GrabIt Downloads\alt.binaries.boneless\nero\Nero 9.4.13.2\Nero-9.4.13.2_trial.exe Win32/Toolbar.AskSBar application (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
Narco!4 (Contributor, 2385 posts), 20 Jul. 2009 at 12:55
* To finish, use ToolsCleaner! (by A.Rothstein and Dj Quiou) http://pc-system.fr/ to clean up the downloaded utilities,
* Disable System Restore, restart the computer, then re-enable it, following the steps described here http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
* Run a cleanup with CCleaner
* Visit the site http://www.update.microsoft.com/windowsupdate/v6/default.aspx regularly so that your system is always up to date.
* Use this little program http://alt-shift-return.org/Info/Update_Checker.html weekly to perform your software updates.
* Never install a program without having fully read and understood the terms of its licence agreement, or without being absolutely certain that it does not quietly install adware (check on Google or on the forums)
* Prefer using free software https://fr.wikipedia.org/wiki/Logiciel_libre : it is transparent and more secure, unlike proprietary software https://fr.wikipedia.org/wiki/Logiciel_propri%C3%A9taire ; Firefox, Thunderbird, OpenOffice, VLC... are among them.
* At that point, you can mark your topic "solved" if you consider that to be the case
* Important note: it is strongly recommended to use a limited account for everyday use of a computer, in order to very significantly reduce the risk of infection.
Instructions: https://www.microsoft.com/de-ch
See you
Smurfg (Member, 8 posts), 21 Jul. 2009 at 01:00
Many thanks Narco!4, I rescanned my PC and everything seems to be back in order.