Virus Win32.agent -LNK (Wm)

Mary
Hello,

avast has detected a virus, Win32.agent-LNK(Wn). If someone could answer me very quickly, thanks. I can't manage to remove this virus.

40 replies

Mary
 
Can someone come to my rescue? I posted the reports on the previous page, and since I don't know what to delete, I'm asking...
Thanks to those willing to help me!
Mary
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
scan with

fx istbar

https://www.broadcom.com/support/security-center

_________________

remove these two files by going to My Computer and then .... (if present)

C:\Documents and Settings\MAISON 2\Bureau\clé usb\boutvis\TuneUp_Utilities_2004_v4[2].1.2318_Multilanguage.zip

F:\Pour Jouer\Majonguesetup\MyPlayCity_WhenUSave_Installer.exe

_________________

combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

_________________

give me the exact name of the file avast found to be infected
0
Mary
 
Thanks!

So, there we go: the two files are deleted. The exact name of the infected file reported by avast is smtpdrv.sys; it is in:
C:\WINDOWS\system32\drivers.

The Symantec scan gives:

Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0

registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main: Search Bar (value deleted)
registry: HKEY_USERS\S-1-5-21-1962516476-1565252573-596074764-1006\Software\Microsoft\Internet Explorer\Main: Search Bar (value deleted)
registry: HKEY_USERS\S-1-5-21-1962516476-1565252573-596074764-1006\Software\Microsoft\Internet Explorer\Search: SearchAssistant (value deleted)

C:\Documents and Settings\MAISON 2\Bureau\Utile\Clé usb\Nancy\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage\Stage: (not scanned)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\miss_lili_30@hotmail.com\DFSR\Staging\CS{BF53482E-7FAA-6668-DAC3-8F700681FB54}\01\127-{BF53482E-7FAA-6668-DAC3-8F700681FB54}-v1-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v127-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\pierrickmartinez@hotmail.com\DFSR\Staging\CS{5E8AFFA7-3BDF-073A-4694-7CD42DFF03B0}\01\10-{5E8AFFA7-3BDF-073A-4694-7CD42DFF03B0}-v1-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\pierrickmartinez@hotmail.com\DFSR\Staging\CS{5E8AFFA7-3BDF-073A-4694-7CD42DFF03B0}\11\11-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v11-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\pierrickmartinez@hotmail.com\DFSR\Staging\CS{5E8AFFA7-3BDF-073A-4694-7CD42DFF03B0}\54\257-{2227D85F-2FEA-417D-9CED-BA115F66DE70}-v254-{2227D85F-2FEA-417D-9CED-BA115F66DE70}-v257-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\01\12-{A3407B29-5473-B8F1-0CAA-1383301D3323}-v1-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\01\181-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v101-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v181-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\11\40-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v11-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v40-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\19\173-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v19-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v173-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\22\183-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v22-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v183-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\23\194-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v23-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v194-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\24\195-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v24-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v195-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\25\192-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v25-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v192-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\26\187-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v26-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v187-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\27\156-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v27-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v156-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\27\188-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v27-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v188-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\28\189-{376C63C5-A299-423A-A7DC-C6C74C5F8FF4}-v28-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v189-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\29\157-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v29-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v157-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\31\158-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v31-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v158-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\34\37-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v34-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v37-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\39\161-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v39-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v161-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\41\162-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v41-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v162-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\43\163-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v43-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v163-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\45\164-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v45-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v164-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\47\165-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v47-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v165-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\52\166-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v52-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v166-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\57\168-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v57-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v168-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\59\169-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v59-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v169-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\66\171-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v66-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v171-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\67\130-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v67-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v130-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\68\148-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v68-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v148-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\69\149-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v69-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v149-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\70\151-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v70-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v151-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\71\152-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v71-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v152-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\72\153-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v72-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v153-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\84\150-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v84-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v150-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\92\176-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v92-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v176-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\93\174-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v93-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v174-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\94\175-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v94-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v175-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\MAISON 2\Local Settings\Application Data\Microsoft\Messenger\marie_timac@hotmail.com\SharingMetadata\st_poncet@hotmail.com\DFSR\Staging\CS{A3407B29-5473-B8F1-0CAA-1383301D3323}\99\180-{8E1DBB7F-8803-46E5-BE2F-FD394BF7A062}-v99-{9BFAE866-4F2A-4083-B9DB-7CD5D5E465F8}-v180-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.

The ComboFix scan gives:

ComboFix 08-01-23.1C - MAISON 2 2008-01-25 14:10:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.298 [GMT 1:00]
Endroit: C:\Documents and Settings\MAISON 2\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
/wow section - STAGE 1

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\sft.res

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:52 . 2008-01-24 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-01-23 00:01 . 2008-01-23 21:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 23:56 . 2008-01-22 23:42 <REP> d-------- C:\Program Files\Panda Security
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 12:59 . 2008-01-21 12:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 23:37 . 2008-01-25 14:14 25,984 --a------ C:\WINDOWS\system32\drivers\Hpa58.sys
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 20:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-01-18 20:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-01-18 20:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-01-18 20:02 . 2008-01-18 20:04 <REP> d-------- C:\Program Files\PDF creator
2008-01-18 18:37 . 2008-01-24 19:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 18:37 . 2008-01-18 18:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iPod
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\Program Files\QuickTime
2008-01-12 14:56 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Carte du monde Voyages SNCF dir
2008-01-12 14:52 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Images du monde Voyages SNCF dir
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 16:52 . 2008-01-08 16:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-08 16:51 . 2008-01-08 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-27 23:28 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2007-12-27 23:19 . 2007-12-27 23:26 <REP> d-------- C:\Program Files\SightSpeed

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 15:36 --------- d-----w C:\Program Files\Plasma Pong
2008-01-23 15:36 --------- d-----w C:\Program Files\Dictionnairecantonnais
2008-01-21 22:46 --------- d-----w C:\Program Files\wanadoo_toolbar
2008-01-08 18:23 --------- d-----w C:\Program Files\EA GAMES
2007-12-27 22:33 --------- d-----w C:\Program Files\Creative
2007-12-27 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 22:43 --------- d-----w C:\Program Files\Logitech
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-26 11:42 --------- d-----w C:\Program Files\DAEMON Tools
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 19:11 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-24 13:11 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="F:\POURAN~2\avaste\ashDisp.exe" [2007-12-04 14:00 79224]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-14 16:33 185632]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43 53340]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"Picasa Media Detector"="F:\Pour Voir\Pikasa\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\MAISON 2\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-23 17:27:58 110592]
RocketDock.lnk - C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-20 09:22 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 20:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 18:04 497376 C:\WINDOWS\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-09-04 22:30 28738 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 02:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-14 16:33 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys [2008-01-25 14:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-925.sys [2004-06-24 12:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-18 17:28:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-24 21:38:59 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-01-18 16:16:29 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-25 13:18:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-24 14:00:00 C:\WINDOWS\Tasks\vider le dossier prefetch automatiquement.job"
- C:\WINDOWS\prefetchnet.net
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 14:16:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-01-25 14:18:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 13:18:40
.
2008-01-24 23:34:19 --- E O F ---

Here is an example of an avast warning:

Message suspect :
Il y a trop de mails identiques envoyés dans un faible intervalle de temps

Expéditeur : "Heidi Mcneal" <vkpuusnn@bonesframedpictures.com>
Destinataire : <resume@aonix.com>
Sujet : Lean and mean is in!

And another one... (for fun)

Message suspect :
Il y a trop de mails identiques envoyés dans un faible intervalle de temps

Expéditeur : "Elsie Eastman" <teijidovazquez@yahoo.es>
Destinataire : <dcmoore@wellington.com>
Sujet : Tired of being overweight? We can help!
0
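The two avast warnings Mary quotes come from a rate heuristic: the same message handed to the mail client many times within a short interval, which is what a machine turned into a spam relay looks like from the host. The following is an added example, not code from the thread or from avast, of that heuristic run over a constructed log of outbound submissions. Every address, timestamp and the four-field log format are invented for the example; the threshold and window are parameters, not avast's values.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: outbound mail submissions as (timestamp, sender,
# recipient, subject). Addresses and times are invented. The last six entries
# mimic the pattern behind the avast warnings quoted above: one subject sent to
# many recipients a few seconds apart. The "newsletter" entries show that the
# same subject spread out over minutes does not trip the heuristic.
SAMPLE_LOG = [
    ("2008-01-25 13:00:00", "mary@example.invalid", "friend@example.com", "Photos from the weekend"),
    ("2008-01-25 13:05:00", "mary@example.invalid", "colleague@example.com", "Re: lunch"),
    ("2008-01-25 09:00:00", "newsletter@example.invalid", "a@example.com", "Weekly digest"),
    ("2008-01-25 09:03:00", "newsletter@example.invalid", "b@example.com", "Weekly digest"),
    ("2008-01-25 09:06:00", "newsletter@example.invalid", "c@example.com", "Weekly digest"),
    ("2008-01-25 09:09:00", "newsletter@example.invalid", "d@example.com", "Weekly digest"),
    ("2008-01-25 09:12:00", "newsletter@example.invalid", "e@example.com", "Weekly digest"),
    ("2008-01-25 14:20:00", "compromised-host@example.invalid", "r1@example.com", "Lean and mean is in!"),
    ("2008-01-25 14:20:05", "compromised-host@example.invalid", "r2@example.com", "Lean and mean is in!"),
    ("2008-01-25 14:20:12", "compromised-host@example.invalid", "r3@example.com", "Lean and mean is in!"),
    ("2008-01-25 14:20:20", "compromised-host@example.invalid", "r4@example.com", "Lean and mean is in!"),
    ("2008-01-25 14:20:31", "compromised-host@example.invalid", "r5@example.com", "Lean and mean is in!"),
    ("2008-01-25 14:20:40", "compromised-host@example.invalid", "r6@example.com", "Lean and mean is in!"),
]


def fingerprint(sender, subject):
    """What counts as 'the same mail': sender plus normalised subject.
    A production filter would hash the body too; subject is enough here."""
    return (sender.strip().lower(), " ".join(subject.split()).lower())


def find_mail_bursts(log, threshold=5, window_seconds=60):
    """Return {fingerprint: timestamp} for every message that was submitted at
    least `threshold` times inside some `window_seconds` span. The timestamp is
    the submission at which the burst first crossed the threshold, i.e. when
    the warning would have fired. Entries are processed in time order, and a
    per-fingerprint deque holds only the submissions still inside the window."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, sender, _rcpt, subject in sorted(log, key=lambda e: e[0]):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = fingerprint(sender, subject)
        window = recent[key]
        window.append(t)
        # drop submissions that have fallen out of the sliding window
        while window and (t - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (sender, subject), when in find_mail_bursts(SAMPLE_LOG).items():
        print("%s: %r from %s hit the rate limit" % (when, subject, sender))
```

On the constructed log, only the six-copies-in-40-seconds sender fires; widening the window to ten minutes with a lower threshold also catches the slow sender, which is the trade-off any such heuristic has to make between catching spam bots and flagging legitimate bulk mail.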
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will continue to run and delete files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to finish running the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

______________________

is this the exact file???

C:\WINDOWS\system32\drivers\smtpdrv.sys

_________________

scan these files on VirusTotal and paste me the reports: https://www.virustotal.com/gui/

C:\WINDOWS\system32\drivers\drtya
C:\WINDOWS\system32\Drivers\Hpa58.sys
0
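The two files jlpjlp asks to have checked on VirusTotal are exactly the ones that stand out when the ComboFix report above is read with a few simple rules. The following added example (not code from the thread, from ComboFix or from any other tool named here) parses a trimmed copy of that report and ranks the files created under system32\drivers shortly before the scan by the number of suspicious signs each carries: created within the last two weeks, no .sys extension, registered as a running boot-start (R0) service, or listed under SafeBoot\Minimal so that it loads even in Safe Mode. The sample lines are copied from Mary's report; the line-format regexes, the 14-day window and the scoring are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the ComboFix report posted earlier in this
# thread, trimmed to what the parser reads (the header line, "created files"
# entries, the SafeBoot\Minimal key and the driver/service list).
SAMPLE_REPORT = r"""
ComboFix 08-01-23.1C - MAISON 2 2008-01-25 14:10:11.1 - NTFSx86
.
2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 23:37 . 2008-01-25 14:14 25,984 --a------ C:\WINDOWS\system32\drivers\Hpa58.sys
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
2007-12-27 23:28 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys [2008-01-25 14:14]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
"""

# Line formats as they appear in the report above (assumed stable for this example).
SCAN_DATE_RE = re.compile(r"^ComboFix \S+ - .+? (\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(<REP>|[\d,]+)\s+\S+\s+(.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[[^\]]*\]$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\([^\]]+)\]$",
    re.IGNORECASE)
DRIVERS_DIR = "\\system32\\drivers\\"


def parse_report(text):
    """Return (scan_date, created, services, safeboot) from a ComboFix report:
    created = [(created_at, size_or_<REP>, path)], services = {basename: start
    type such as R0/R3/S3}, safeboot = {basenames registered under SafeBoot\Minimal}."""
    scan_date, created, services, safeboot = None, [], {}, set()
    for line in text.splitlines():
        line = line.strip()
        m = SCAN_DATE_RE.match(line)
        if m and scan_date is None:
            scan_date = datetime.strptime(m.group(1), "%Y-%m-%d")
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(2), m.group(3)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(3).rsplit("\\", 1)[-1].lower()] = m.group(1)
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            safeboot.add(m.group(1).lower())
    return scan_date, created, services, safeboot


def triage_drivers(text, window_days=14):
    """Rank files created under system32\drivers within `window_days` of the scan
    by the number of independent reasons to look at them, most reasons first."""
    scan_date, created, services, safeboot = parse_report(text)
    if scan_date is None:
        raise ValueError("no ComboFix header line found")
    cutoff = scan_date - timedelta(days=window_days)
    findings = {}
    for when, size, path in created:
        if DRIVERS_DIR not in path.lower() or size == "<REP>" or when < cutoff:
            continue  # directories, files elsewhere, and old files are out of scope
        name = path.rsplit("\\", 1)[-1]
        key = name.lower()
        reasons = ["created %d day(s) before the scan" % (scan_date.date() - when.date()).days]
        if not key.endswith(".sys"):
            reasons.append("no .sys extension for a file in the drivers directory")
        if services.get(key, "").startswith("R0"):
            reasons.append("registered as a running boot-start (R0) service")
        if key in safeboot:
            reasons.append("listed under SafeBoot\\Minimal, so it loads in Safe Mode too")
        findings[name] = reasons
    return dict(sorted(findings.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for name, reasons in triage_drivers(SAMPLE_REPORT).items():
        print("%s (%d reason(s))" % (name, len(reasons)))
        for reason in reasons:
            print("  -", reason)
```

On the sample report Hpa58.sys ranks first (recent, boot-start and Safe Mode persistence), drtya second (recent and extension-less), and AvgAsCln.sys last with only its recent date, which is consistent with it being the AVG cleaner installed on 2008-01-21 rather than something to remove. The ranking is a reading aid for the analyst, not a verdict: a hash lookup such as the VirusTotal check requested above is still the step that decides.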

Mary
 
Thanks for your help, but I won't have access to my computer until Friday. I'll do that and post again during the day on Friday.
Thanks again and see you next week!
Good night, Mary
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, see you later
0
Mary
 
So here I am again!
I did download SDFix, but it doesn't know the Y key; there are A, B, C, D, 1, 2, 3, and E for exit.
What's wrong with my infected file??? lol.
And VirusTotal tells me this when I try to launch the analysis: "0 bytes size received / Se ha recibido un archivo vacio"

There, I hope you'll be able to help me!
See you later, Mary
0
Mary
 
Actually, it's Safe Mode itself that I can't start! When I press F8, I get a 'boot menu' that offers floppy, hard disk, CD-ROM, and Realtek boot agent... probably to restart Windows. But no Safe Mode... how can I get to it?
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
Hpa58

File::
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a HijackThis report

If the file does not open, it is located here > C:\ComboFix.txt
0
Mary
 
Hello, here is the ComboFix report:

ComboFix 08-01-23.1C - MAISON 2 2008-01-31 22:58:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.472 [GMT 1:00]
Endroit: C:\Documents and Settings\MAISON 2\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAISON 2\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys
.
/wow section - STAGE 1

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Drivers\Hpa58.sys . . . . Echec de suppression
.
---- Previous Run -------
.
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\sft.res

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv

-------\smtpdrv

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:52 . 2008-01-24 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-01-23 00:01 . 2008-01-23 21:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 23:56 . 2008-01-22 23:42 <REP> d-------- C:\Program Files\Panda Security
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 12:59 . 2008-01-21 12:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 23:37 . 2008-01-31 23:02 25,984 --a------ C:\WINDOWS\system32\drivers\Hpa58.sys
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 20:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-01-18 20:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-01-18 20:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-01-18 20:02 . 2008-01-18 20:04 <REP> d-------- C:\Program Files\PDF creator
2008-01-18 18:37 . 2008-01-24 19:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 18:37 . 2008-01-18 18:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iPod
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\Program Files\QuickTime
2008-01-12 14:56 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Carte du monde Voyages SNCF dir
2008-01-12 14:52 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Images du monde Voyages SNCF dir
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 16:52 . 2008-01-08 16:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-08 16:51 . 2008-01-08 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-27 23:28 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2007-12-27 23:19 . 2007-12-27 23:26 <REP> d-------- C:\Program Files\SightSpeed
2007-12-09 17:10 . 2007-12-09 17:10 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 15:36 --------- d-----w C:\Program Files\Plasma Pong
2008-01-23 15:36 --------- d-----w C:\Program Files\Dictionnairecantonnais
2008-01-21 22:46 --------- d-----w C:\Program Files\wanadoo_toolbar
2008-01-08 18:23 --------- d-----w C:\Program Files\EA GAMES
2007-12-27 22:33 --------- d-----w C:\Program Files\Creative
2007-12-27 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 22:43 --------- d-----w C:\Program Files\Logitech
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_14.18.17.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 13:09:52 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-31 21:58:04 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 13:09:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-31 21:58:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 13:09:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-31 21:58:04 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 13:09:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-31 21:58:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 13:09:53 7,307,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-31 21:58:04 7,307,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 13:09:53 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-31 21:58:04 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-31 22:03:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2f4.dat
- 2008-01-25 13:15:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat
+ 2008-01-31 22:03:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 19:11 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-24 13:11 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="F:\POURAN~2\avaste\ashDisp.exe" [2007-12-04 14:00 79224]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-14 16:33 185632]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43 53340]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"Picasa Media Detector"="F:\Pour Voir\Pikasa\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-20 09:22 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 20:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 18:04 497376 C:\WINDOWS\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-09-04 22:30 28738 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 02:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-14 16:33 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys [2008-01-31 23:02]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-925.sys [2004-06-24 12:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 17:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-24 21:38:59 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-01-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-31 22:06:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-31 14:00:00 C:\WINDOWS\Tasks\vider le dossier prefetch automatiquement.job"
- C:\WINDOWS\prefetchnet.net
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 23:04:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-01-31 23:06:57 - machine was rebooted [MAISON 2]
ComboFix-quarantined-files.txt 2008-01-31 22:06:54
.
2008-01-29 20:00:38 --- E O F ---

And here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Pour antivirus\avaste\aswUpdSv.exe
F:\Pour antivirus\avaste\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
F:\Pour antivirus\avaste\ashMaiSv.exe
F:\Pour antivirus\avaste\ashWebSv.exe
F:\POURAN~2\avaste\ashDisp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] F:\POURAN~2\avaste\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - F:\Pour Telecharger\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Pour Telecharger\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - F:\Pour Telecharger\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O8 - Extra context menu item: Surligner en Rose - C:\WINDOWS\web\MarqueurFluoPink.htm
O8 - Extra context menu item: Surligner en Vert - C:\WINDOWS\web\MarqueurFluoGreen.htm
O8 - Extra context menu item: Télécharger avec Star Downloader - F:\Pour Telecharger\Star doneloder\Star Downloader\sdie.htm
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Pour antivirus\avaste\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Pour antivirus\avaste\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Pour antivirus\avaste\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Pour antivirus\avaste\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0
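Two things stand out in the reports posted above. First, the "Fichiers créés" section shows C:\WINDOWS\system32\drivers\drtya, C:\-1872345472 and Hpa58.sys all created within two minutes of each other on 2008-01-20 (23:36 to 23:37), which makes the first two companions of the flagged driver. Second, Hpa58.sys keeps its size (25,984 bytes) across both runs but its last-write time advances every time (2008-01-31 23:02, then 2008-02-01 13:10), and it is listed as R0 (running, boot start) with its own key under SafeBoot\Minimal, so it is loaded in Safe Mode as well; a loaded driver image cannot simply be deleted, which is the likely reason for the "Echec de suppression" line. The script below is an added triage example written for this page, not code from the thread or from ComboFix; it parses a constructed excerpt of the posted report in the report's own line format, and the five-minute window and one-day rewrite threshold are my own choices.

```python
"""Triage of a ComboFix-style report (added example, not from the thread
or from the ComboFix tool).

Three checks a responder makes on a report like the one posted above:
  1. Timeline pivot: files created within a few minutes of the flagged
     driver are candidate droppers or companions.
  2. Rewrite check: a file whose last-write time is well after its
     creation time is being rewritten in place after it was dropped
     (installed files usually carry an older last-write time).
  3. Persistence pivot: a boot-start (R0) driver whose service or image
     name appears under SafeBoot\\Minimal is loaded in Safe Mode too.
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt: a handful of lines in the report's format, not the
# whole log.  Directory entries carry <REP> instead of a size.
CREATED_SECTION = r"""
2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:52 . 2008-01-24 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 23:37 . 2008-01-31 23:02 25,984 --a------ C:\WINDOWS\system32\drivers\Hpa58.sys
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 20:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
"""

DRIVER_SECTION = r"""
R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys [2008-01-31 23:02]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
"""

SAFEBOOT_KEYS = [
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]",
]

CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation time
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # last-write time
    r"([\d,]+|<REP>) (\S+) (.+)$"             # size or <REP>, attributes, path
)
# "R0 name;display name;image path [timestamp]"
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[")
TS = "%Y-%m-%d %H:%M"


def parse_created(text):
    """One dict per entry of the 'files created' section."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m.group(1), TS),
            "modified": datetime.strptime(m.group(2), TS),
            "size": None if m.group(3) == "<REP>" else int(m.group(3).replace(",", "")),
            "attrs": m.group(4),
            "path": m.group(5),
        })
    return entries


def timeline_pivot(entries, pivot_path, window_minutes=5):
    """Paths created within +/- window_minutes of pivot_path's creation time."""
    pivot = next(e for e in entries if e["path"].lower() == pivot_path.lower())
    window = timedelta(minutes=window_minutes)
    return sorted((e["path"] for e in entries
                   if abs(e["created"] - pivot["created"]) <= window), key=str.lower)


def rewritten_in_place(entries, min_gap=timedelta(days=1)):
    """Files (directories skipped) whose last write is at least min_gap after creation."""
    return [e["path"] for e in entries
            if e["size"] is not None and e["modified"] - e["created"] >= min_gap]


def parse_drivers(text):
    """Map service name -> start code, display name, image path."""
    drivers = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers[m.group(2)] = {"start": m.group(1), "display": m.group(3), "path": m.group(4)}
    return drivers


def safeboot_names(keys):
    """Last path component of each SafeBoot\\Minimal key, lower-cased."""
    return {k.rstrip("]").rsplit("\\", 1)[-1].lower() for k in keys}


def safe_mode_survivors(drivers, safeboot):
    """Boot-start (R0) drivers whitelisted for Safe Mode by service or image name."""
    hits = []
    for name, d in drivers.items():
        image = d["path"].rsplit("\\", 1)[-1].lower()
        if d["start"] == "R0" and (name.lower() in safeboot or image in safeboot):
            hits.append(name)
    return hits


if __name__ == "__main__":
    entries = parse_created(CREATED_SECTION)
    pivot = r"C:\WINDOWS\system32\drivers\Hpa58.sys"
    print("created near pivot:", timeline_pivot(entries, pivot))
    print("rewritten after drop:", rewritten_in_place(entries))
    drivers = parse_drivers(DRIVER_SECTION)
    print("loaded in Safe Mode:", safe_mode_survivors(drivers, safeboot_names(SAFEBOOT_KEYS)))
```

Run against the excerpt, the timeline pivot returns C:\-1872345472, drtya and Hpa58.sys; the rewrite check returns only Hpa58.sys; and the Safe Mode check returns Hpa58. Everything the timeline pivot returns should be submitted or quarantined together, since a dropper that is left behind will recreate the driver on the next boot.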
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
REDO this:

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver ::
Hpa58

File::
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is finished, a report will be displayed: post its contents.

Also post another HijackThis log

If the file doesn't open, it is located here > C:\ComboFix.txt

______________________

scan your computer with Spybot and remove whatever it finds

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

________________________

replace avast with Antivir and paste the report:

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)

________________________
still having problems? which ones????
0
Mary
 
There you go, lots to read ahead... :-)

ComboFix

ComboFix 08-01-23.1C - MAISON 2 2008-02-01 13:06:59.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.536 [GMT 1:00]
Endroit: C:\Documents and Settings\MAISON 2\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAISON 2\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys
.
/wow section - STAGE 1

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Drivers\Hpa58.sys . . . . Echec de suppression
.
---- Previous Run -------
.
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\Drivers\Hpa58.sys . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv

-------\smtpdrv

((((((((((((((((((((((((((((( Fichiers créés 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:52 . 2008-01-24 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-01-23 00:01 . 2008-01-23 21:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 23:56 . 2008-01-22 23:42 <REP> d-------- C:\Program Files\Panda Security
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 12:59 . 2008-01-21 12:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 23:37 . 2008-02-01 13:10 25,984 --a------ C:\WINDOWS\system32\drivers\Hpa58.sys
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 20:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-01-18 20:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-01-18 20:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-01-18 20:02 . 2008-01-18 20:04 <REP> d-------- C:\Program Files\PDF creator
2008-01-18 18:37 . 2008-01-24 19:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 18:37 . 2008-01-18 18:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iPod
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\Program Files\QuickTime
2008-01-12 14:56 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Carte du monde Voyages SNCF dir
2008-01-12 14:52 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Images du monde Voyages SNCF dir
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 16:52 . 2008-01-08 16:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-08 16:51 . 2008-01-08 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 15:36 --------- d-----w C:\Program Files\Plasma Pong
2008-01-23 15:36 --------- d-----w C:\Program Files\Dictionnairecantonnais
2008-01-21 22:46 --------- d-----w C:\Program Files\wanadoo_toolbar
2008-01-08 18:23 --------- d-----w C:\Program Files\EA GAMES
2007-12-27 22:33 --------- d-----w C:\Program Files\Creative
2007-12-27 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:26 --------- d-----w C:\Program Files\SightSpeed
2007-12-06 22:43 --------- d-----w C:\Program Files\Logitech
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_14.18.17.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 13:09:52 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-02-01 12:06:26 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 13:09:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-02-01 12:06:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 13:09:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-02-01 12:06:27 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 13:09:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-02-01 12:06:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 13:09:53 7,307,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-02-01 12:06:27 7,307,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 13:09:53 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-01 12:06:27 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-01 12:12:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat
+ 2008-02-01 12:12:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4d4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 19:11 68856]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="F:\POURAN~2\avaste\ashDisp.exe" [2007-12-04 14:00 79224]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-14 16:33 185632]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43 53340]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"Picasa Media Detector"="F:\Pour Voir\Pikasa\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-20 09:22 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 20:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 18:04 497376 C:\WINDOWS\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-09-04 22:30 28738 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 02:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-14 16:33 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys [2008-02-01 13:10]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-925.sys [2004-06-24 12:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 17:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-24 21:38:59 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-01-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-31 22:06:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-31 14:00:00 C:\WINDOWS\Tasks\vider le dossier prefetch automatiquement.job"
- C:\WINDOWS\prefetchnet.net
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 13:12:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-02-01 13:15:05 - machine was rebooted [MAISON 2]
ComboFix-quarantined-files.txt 2008-02-01 12:15:02
.
2008-01-29 20:00:38 --- E O F ---

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00, on 2008-02-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\Pour antivirus\avaste\aswUpdSv.exe
F:\Pour antivirus\avaste\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
F:\Pour antivirus\avaste\ashMaiSv.exe
F:\Pour antivirus\avaste\ashWebSv.exe
F:\POURAN~2\avaste\ashDisp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] F:\POURAN~2\avaste\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - F:\Pour Telecharger\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Pour Telecharger\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - F:\Pour Telecharger\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O8 - Extra context menu item: Surligner en Rose - C:\WINDOWS\web\MarqueurFluoPink.htm
O8 - Extra context menu item: Surligner en Vert - C:\WINDOWS\web\MarqueurFluoGreen.htm
O8 - Extra context menu item: Télécharger avec Star Downloader - F:\Pour Telecharger\Star doneloder\Star Downloader\sdie.htm
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Pour antivirus\avaste\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Pour antivirus\avaste\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Pour antivirus\avaste\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Pour antivirus\avaste\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi,

note:
to get into Safe Mode, try starting the machine while pressing F5, ESC or Del instead of F8

DISABLE SPYBOT'S TEATIMER FOR THE WHOLE PROCEDURE!!!

_____________

delete what is in the quarantine folder by going to C:\ then:

C:\Documents and Settings\MAISON 2\.housecall6.6\Quarantine

________________

delete what is quarantined in AVG ANTISPYWARE:

C:\Documents and Settings\MAISON 2\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filE10330D9.dat

___________________

delete what is in the quarantine folder by going to C:\ then:

C:\QooBox\Quarantine\

____________

delete what is in the MovedFiles folder by going to C:\ then:

C:\_OTMoveIt\MovedFiles

_____________

REDO this:

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
Hpa58

File::
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post another HijackThis report

If the file does not open, it is here > C:\ComboFix.txt

_________________

disable System Restore to purge any viruses that may be in it
then restart your computer
then re-enable it
(in START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE then settings)

____________________

post an AntiVir report again
0
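As an added example (not code from this thread, from ComboFix or from HijackThis), here is a small Python triage script that applies the kind of reading the helper is doing above to the two reports: it parses the ComboFix driver lines and the SafeBoot registry keys, plus the HijackThis O23 service lines, and flags a driver with no file timestamp, a driver registered under SafeBoot\Minimal (so it also loads in Safe Mode, which is why the CFscript removes that key), a boot-start driver that combines those, and a service whose binary is missing. The sample lines are copied from the reports posted in this thread; the scoring heuristics are my own assumptions, not something either tool does.

```python
"""Triage helper for ComboFix and HijackThis text reports.

Added example: not part of the forum thread and not ComboFix's or
HijackThis's own code.  The sample lines are copied from the reports
posted in the thread; the heuristics are the editor's assumptions about
what a helper looks for when reading such a report.
"""
import re

# Constructed sample: a handful of lines from the ComboFix report above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys []
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
"""

# Constructed sample: three O23 service lines from the HijackThis report above.
SAMPLE_HIJACKTHIS = r"""
O23 - Service: avast! Antivirus - ALWIL Software - F:\Pour antivirus\avaste\ashServ.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "R0 name;description;path [timestamp]": the timestamp is empty when the
# scanner could not stat the file.
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
# Registry keys that make a driver load in Safe Mode as well.
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<entry>[^\]]+)\]$", re.IGNORECASE)
# "O23 - Service: name - vendor - path [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse_combofix(text):
    """Return ({safeboot entry (lower-case): mode}, [driver dicts])."""
    safeboot, drivers = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SAFEBOOT_RE.match(line)
        if m:
            safeboot[m.group("entry").lower()] = m.group("mode")
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.groupdict())
    return safeboot, drivers


def triage_combofix(text):
    """List (driver name, reasons) for drivers that deserve a second look."""
    safeboot, drivers = parse_combofix(text)
    findings = []
    for d in drivers:
        basename = d["path"].rsplit("\\", 1)[-1].lower()
        reasons = []
        if not d["stamp"]:
            reasons.append("no file timestamp: file absent on disk or hidden from the scanner")
        mode = safeboot.get(basename) or safeboot.get(d["name"].lower())
        if mode:
            reasons.append(f"registered under SafeBoot\\{mode}: also loads in Safe Mode")
        if d["start"] == "R0" and reasons:
            reasons.append("boot-start (R0) driver: loads before security software")
        if reasons:
            findings.append((d["name"], reasons))
    return findings


def triage_hijackthis(text):
    """List (service name, reasons) for O23 services whose binary is gone."""
    findings = []
    for raw in text.splitlines():
        m = O23_RE.match(raw.strip())
        if m and m.group("missing"):
            findings.append((m.group("name"), ["service points at a missing file: " + m.group("path")]))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_combofix(SAMPLE_COMBOFIX) + triage_hijackthis(SAMPLE_HIJACKTHIS):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On the thread's own lines this reports Hpa58 with all three reasons (no timestamp, SafeBoot\Minimal entry, R0), the Agfa scanner driver with only the missing-timestamp reason (an orphaned device driver, not evidence of infection on its own), and the MysqlInventime service as a leftover pointing at a file that no longer exists.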
Mary
 
and I thought it was over... lol

So:
ComboFix

ComboFix 08-01-23.1C - MAISON 2 2008-02-01 22:15:10.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.474 [GMT 1:00]
Endroit: C:\Documents and Settings\MAISON 2\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAISON 2\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Drivers\Hpa58.sys
.
---- Previous Run -------
.
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\Drivers\Hpa58.sys . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv

-------\smtpdrv

((((((((((((((((((((((((((((( Fichiers créés 2008-01-01 to 2008-02-01 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 14:27 . 2008-02-01 14:27 <REP> d-------- C:\Program Files\Avira
2008-02-01 14:06 . 2008-02-01 21:53 <REP> d----c--- C:\TEMP
2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:52 . 2008-01-24 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-01-23 00:01 . 2008-01-23 21:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 23:56 . 2008-01-22 23:42 <REP> d-------- C:\Program Files\Panda Security
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 12:59 . 2008-01-21 12:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 20:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-01-18 20:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-01-18 20:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-01-18 20:02 . 2008-01-18 20:04 <REP> d-------- C:\Program Files\PDF creator
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iPod
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\Program Files\QuickTime
2008-01-12 14:56 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Carte du monde Voyages SNCF dir
2008-01-12 14:52 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Images du monde Voyages SNCF dir
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 16:52 . 2008-01-08 16:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-08 16:51 . 2008-01-08 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 15:36 --------- d-----w C:\Program Files\Plasma Pong
2008-01-23 15:36 --------- d-----w C:\Program Files\Dictionnairecantonnais
2008-01-21 22:46 --------- d-----w C:\Program Files\wanadoo_toolbar
2008-01-08 18:23 --------- d-----w C:\Program Files\EA GAMES
2007-12-27 22:33 --------- d-----w C:\Program Files\Creative
2007-12-27 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:26 --------- d-----w C:\Program Files\SightSpeed
2007-12-06 22:43 --------- d-----w C:\Program Files\Logitech
2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_14.18.17.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 13:09:52 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-02-01 21:14:53 1,437,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 13:09:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-02-01 21:14:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 13:09:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-02-01 21:14:53 1,433,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 13:09:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-02-01 21:14:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 13:09:53 7,307,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-02-01 21:14:53 7,708,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 13:09:53 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-01 21:14:53 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-02-01 13:42:12 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-02-01 21:20:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_20c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 19:11 68856]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-14 16:33 185632]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43 53340]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-01 14:42 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"Picasa Media Detector"="F:\Pour Voir\Pikasa\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-20 09:22 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 20:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 18:04 497376 C:\WINDOWS\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-09-04 22:30 28738 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 02:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-14 16:33 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys []
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-925.sys [2004-06-24 12:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-02-01 17:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-24 21:38:59 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-02-01 16:16:44 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-01 16:32:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-01 14:00:00 C:\WINDOWS\Tasks\vider le dossier prefetch automatiquement.job"
- C:\WINDOWS\prefetchnet.net
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 22:21:26
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 22:23:34 - machine was rebooted [MAISON 2]
ComboFix-quarantined-files.txt 2008-02-01 21:23:31
.
2008-02-01 13:58:05 --- E O F ---

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:03, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - F:\Pour Telecharger\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Pour Telecharger\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - F:\Pour Telecharger\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O8 - Extra context menu item: Surligner en Rose - C:\WINDOWS\web\MarqueurFluoPink.htm
O8 - Extra context menu item: Surligner en Vert - C:\WINDOWS\web\MarqueurFluoGreen.htm
O8 - Extra context menu item: Télécharger avec Star Downloader - F:\Pour Telecharger\Star doneloder\Star Downloader\sdie.htm
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
OK
Post another AntiVir report and tell me what problems you still have
0
Mary
 
So here is the AntiVir report.
I no longer have any problem with MSN; I reopened it this afternoon for the first time since the virus and no virus was spread to my contacts... that's nice! No more suspicious Avast messages appearing either (normal, it's no longer there) about emails supposedly going through my computer, and that's really great because they were ruining my screen! Apart from that, there is a file that AntiVir quarantines when I turn on my computer but which reappears at the next startup: C:\WINDOWS\Temp\BN1.tmp (Is the Trojan horse TR/Agent.EJX).
And for now, that's all... but I promise I'll let you know if it starts again! lol.
Thank you very much, really, for everything you've done!!! I would never have managed to clean my computer without you...
By the way, what do I do with all these programs on my computer???

Mary

AntiVir PersonalEdition Classic
Report file date: vendredi 1 février 2008 22:33

Scanning for 1087915 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN100285100300

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:42:11
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 13:42:11
ANTIVIR3.VDF : 7.0.2.80 239104 Bytes 01/02/2008 13:42:11
AVEWIN32.DLL : 7.6.0.61 3240448 Bytes 01/02/2008 13:42:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 01/02/2008 13:42:12
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 1 février 2008 22:33

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\errorcontrol
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\imagepath
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\extparamd
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\Security\security
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\errorcontrol
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\imagepath
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\extparamd
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\Security\security
[NOTE] The registry entry is invisible.
'52904' objects were checked, '12' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'CTLCMgr.exe' - '1' Module(s) have been scanned
Scan process 'CTDetect.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'CTSched.exe' - '1' Module(s) have been scanned
Scan process 'V0220Mon.exe' - '1' Module(s) have been scanned
Scan process 'StartFX.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'CDANTSRV.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD1>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-02-01_222106.46.zip
[0] Archive type: ZIP
--> Hpa58.sys
[DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
[INFO] The file was moved to '4817973a.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <Données>

End of the scan: samedi 2 février 2008 00:05
Used time: 1:32:04 min

The scan has been done completely.

9344 Scanning directories
636864 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
636863 Files not concerned
9019 Archives were scanned
2 Warnings
35 Notes
52904 Objects were scanned with rootkit scan
12 Hidden objects were found
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Delete what is in the quarantine folder by going to My Computer, then C, then QooBox\Quarantine

________________

DO this AGAIN:

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
Hpa58

File::

C:\WINDOWS\system32\drivers\sptd.sys
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file does not open, it is here > C:\ComboFix.txt

___________________

still having problems????
0
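The three reports posted in this thread (ComboFix driver lines, ComboFix "files created" lines, and Avira's rootkit scan) each carry a weak indicator on its own: a driver whose timestamp bracket is empty, a file created in the drivers directory without a .sys extension, a service whose registry values are invisible. The following script is an added example, not part of the thread and not code from ComboFix or Avira. It parses constructed sample lines modelled on the formats above, cross-references the three sources, and renders analyst-chosen names in the Driver:: and File:: section syntax used in the post above. The regular expressions and the "no .sys extension" rule of thumb are assumptions; the sample strings are constructed.

```python
"""Log-triage helper for ComboFix and Avira AntiVir report excerpts.

Added example, not part of the thread and not code from ComboFix or Avira.
Every sample string below is constructed from the line formats seen in the
reports above; the regexes and the rule of thumb they encode are assumptions.
"""
import re

# Constructed sample: ComboFix service/driver lines. The first field is the
# start type (R0 = boot start, S3 = on demand). ComboFix prints the image's
# timestamp in brackets; an empty "[]" means it could not read the file
# (missing, hidden or locked), which is worth a second look but not a verdict.
COMBOFIX_DRIVERS = r"""
R0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys []
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
"""

# Constructed sample: ComboFix "files created" lines:
# "<created> . <modified> <size> <attributes> <path>". "<REP>" marks a directory.
COMBOFIX_CREATED = r"""
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
"""

# Constructed sample: Avira rootkit-scan output. A service whose registry
# values are invisible to the normal registry API is being hidden by something.
AVIRA_HIDDEN = r"""
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drtya\imagepath
[NOTE] The registry entry is invisible.
'52904' objects were checked, '12' hidden objects were found.
"""

DRIVER_RE = re.compile(r"^[RS]\d (?P<svc>[^;]+);[^;]*;(?P<path>\S.*?) \[(?P<stamp>.*?)\]$")
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d\d:\d\d \. \S+ \S+ (?P<size>[\d,]+) \S{9} (?P<path>.+)$"
)
HIDDEN_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<svc>[^\\]+)\\")

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"  # assumed default XP layout


def unstattable_drivers(report):
    """Map service name -> image path for driver lines whose timestamp bracket is empty."""
    found = {}
    for line in report.splitlines():
        m = DRIVER_RE.match(line)
        if m and m.group("stamp") == "":
            found[m.group("svc")] = m.group("path")
    return found


def hidden_services(report):
    """Set of service names whose registry values Avira reported as invisible."""
    lines = report.splitlines()
    found = set()
    for key, note in zip(lines, lines[1:]):
        m = HIDDEN_RE.match(key)
        if m and "invisible" in note:
            found.add(m.group("svc"))
    return found


def odd_new_driver_files(report, since):
    """Files created on/after `since` (ISO date string, compared lexically) inside the
    drivers directory that lack the .sys extension a driver image normally carries."""
    found = []
    for line in report.splitlines():
        m = CREATED_RE.match(line)
        if not m or m.group("created") < since:
            continue
        path = m.group("path")
        low = path.lower()
        if low.startswith(DRIVERS_DIR) and not low.endswith(".sys"):
            found.append(path)
    return found


def triage(drivers_report, created_report, avira_report, since):
    """Cross-reference the three sources; a name that shows up in more than one
    list is a much stronger indicator than any single finding."""
    unstat = unstattable_drivers(drivers_report)
    hidden = hidden_services(avira_report)
    odd = odd_new_driver_files(created_report, since)
    odd_names = {p.rsplit("\\", 1)[-1].lower() for p in odd}
    corroborated = {s for s in hidden if s.lower() in odd_names} | (set(unstat) & hidden)
    return {"unstattable": unstat, "hidden": hidden, "odd_files": odd, "corroborated": corroborated}


def draft_cfscript(services, files):
    """Render analyst-chosen names in the Driver:: / File:: section syntax used in the
    post above. It is a draft for review, not something to run unread."""
    body = ["Driver::", *services, "", "File::", *files]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    result = triage(COMBOFIX_DRIVERS, COMBOFIX_CREATED, AVIRA_HIDDEN, since="2008-01-03")
    for key, value in result.items():
        print(f"{key}: {value}")
    print(draft_cfscript(sorted(result["corroborated"]), result["odd_files"]))
```

On the sample data the only corroborated hit is drtya, the name that appears both in Avira's hidden-object list and in ComboFix's new-files list above. The empty-bracket rule alone also flags EPPSCSIx, a leftover scanner driver whose file is simply gone, which is why the draft takes an explicit list from the analyst rather than everything the parsers returned.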
Mary
 
Here are the two reports:

Combofix

ComboFix 08-01-23.1C - MAISON 2 2008-02-03 17:44:05.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.433 [GMT 1:00]
Location: C:\Documents and Settings\MAISON 2\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAISON 2\Bureau\CFscript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE
C:\WINDOWS\system32\Drivers\Hpa58.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\system32\drivers\sptd.sys
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\sptd.sys

.
((((((((((((((((((((((((((((( Files created 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 22:23 . 2008-02-03 17:44 <REP> d----c--- C:\temp
2008-02-01 14:27 . 2008-02-01 14:27 <REP> d-------- C:\Program Files\Avira
2008-01-25 14:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:52 . 2008-01-24 21:54 <REP> d-------- C:\Program Files\Navilog1
2008-01-23 00:01 . 2008-01-23 21:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 23:56 . 2008-01-22 23:42 <REP> d-------- C:\Program Files\Panda Security
2008-01-21 22:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-21 12:59 . 2008-01-21 12:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-20 23:37 . 2008-01-20 23:37 2 --a--c--- C:\-1872345472
2008-01-20 23:36 . 2008-01-20 23:36 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-18 20:04 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-01-18 20:04 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-01-18 20:04 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-01-18 20:02 . 2008-01-18 20:04 <REP> d-------- C:\Program Files\PDF creator
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iTunes
2008-01-18 18:36 . 2008-01-18 18:36 <REP> d-------- C:\Program Files\iPod
2008-01-18 18:34 . 2008-01-18 18:35 <REP> d-------- C:\Program Files\QuickTime
2008-01-12 14:56 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Carte du monde Voyages SNCF dir
2008-01-12 14:52 . 2008-01-12 16:33 <REP> d-------- C:\WINDOWS\system32\Images du monde Voyages SNCF dir
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 16:52 . 2008-01-08 16:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-08 16:51 . 2008-01-08 16:51 <REP> d-------- C:\Program Files\Fichiers communs\Apple

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 15:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 15:36 --------- d-----w C:\Program Files\Plasma Pong
2008-01-23 15:36 --------- d-----w C:\Program Files\Dictionnairecantonnais
2008-01-21 22:46 --------- d-----w C:\Program Files\wanadoo_toolbar
2008-01-08 18:23 --------- d-----w C:\Program Files\EA GAMES
2007-12-27 22:33 --------- d-----w C:\Program Files\Creative
2007-12-27 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:26 --------- d-----w C:\Program Files\SightSpeed
2007-12-09 16:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-06 22:43 --------- d-----w C:\Program Files\Logitech
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\AGFA\message.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_14.18.17.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 13:09:52 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-02-03 16:43:41 1,437,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 13:09:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-02-03 16:43:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 13:09:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-02-03 16:43:41 1,433,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 13:09:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-02-03 16:43:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 13:09:53 7,307,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-02-03 16:43:41 7,708,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 13:09:53 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-03 16:43:41 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-02-01 13:42:12 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-02-01 21:32:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_168.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 19:11 68856]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-14 16:33 185632]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43 53340]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-01 14:42 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"Picasa Media Detector"="F:\Pour Voir\Pikasa\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\MAISON 2\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-23 17:27:58 110592]
RocketDock.lnk - C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-14 15:30:46 126136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpa58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-20 09:22 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 20:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 18:04 497376 C:\WINDOWS\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-09-04 22:30 28738 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 02:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
--a------ 2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-14 16:33 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
S0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH-925.sys [2004-06-24 12:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

*Newly Created Service* - SYSMONLOG
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-02-01 17:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-08-24 21:38:59 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2008-02-01 16:16:44 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-02 11:00:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-03 14:00:00 C:\WINDOWS\Tasks\vider le dossier prefetch automatiquement.job"
- C:\WINDOWS\prefetchnet.net
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 17:46:25
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 17:47:07
ComboFix-quarantined-files.txt 2008-02-03 16:47:04
ComboFix2.txt 2008-02-01 21:23:34
.
2008-02-01 13:58:05 --- E O F ---

And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:41, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\interface vista\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - F:\Pour Telecharger\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Pour Telecharger\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - F:\Pour Telecharger\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm
O8 - Extra context menu item: Surligner en Rose - C:\WINDOWS\web\MarqueurFluoPink.htm
O8 - Extra context menu item: Surligner en Vert - C:\WINDOWS\web\MarqueurFluoGreen.htm
O8 - Extra context menu item: Télécharger avec Star Downloader - F:\Pour Telecharger\Star doneloder\Star Downloader\sdie.htm
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
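Added example, not part of any post in this thread and not code from ComboFix or HijackThis: a small Python triage script that reads lines in the two log formats shown above and lists the entries a helper would want to verify first, instead of reading 1,500 lines by eye. The rules are my own heuristics, not the tools': a ComboFix driver line whose trailing `[...]` date field is empty (the log recorded no file date for that path), a scheduled task whose target does not end in an executable extension, a Run key that launches an executable sitting directly in C:\WINDOWS rather than in a subfolder, and an O23 service marked `(file missing)` or with an empty vendor field. Being listed only means "check this entry", not "this is malware": V0220Mon.exe, for instance, is the Creative webcam monitor that appears in the same log. The sample input is a handful of lines copied from the logs posted above, not a complete log.

```python
import re
from typing import List, Tuple

# Sample input: a few lines copied from the ComboFix and HijackThis logs
# posted in this thread (not a complete log), so the example runs offline.
SAMPLE_LOG = r"""
S0 Hpa58;Hpa58;C:\WINDOWS\system32\Drivers\Hpa58.sys []
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-04-06 22:24]
S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys []
"2008-02-01 17:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 14:00:00 C:\WINDOWS\Tasks\vider le dossier prefetch automatiquement.job"
- C:\WINDOWS\prefetchnet.net
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# ComboFix driver/service line: "<start type> <name>;<description>;<path> [<file date>]"
DRIVER_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$')
# ComboFix scheduled task: quoted "<date> <.job path>" followed by a "- <target>" line
TASK_RE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.+\.job)"$')
TASK_TARGET_RE = re.compile(r'^- (.+)$')
# HijackThis O4 Run key: 'O4 - <hive>\..\Run: [<name>] "<exe>" <args>'
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] "?(.+?\.exe)', re.IGNORECASE)
# HijackThis O23 service: 'O23 - Service: <name> - <vendor> - <path>' (vendor may be empty)
O23_RE = re.compile(r'^O23 - Service: (.+?) -(.*?)- (.+)$')

# Extensions a scheduled task is normally expected to launch (heuristic list, my choice).
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".vbs", ".js")


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS rather than in a subfolder."""
    parent = path.rsplit("\\", 1)[0]
    return parent.lower() == r"c:\windows"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for log entries worth verifying by hand."""
    findings: List[Tuple[str, str]] = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = DRIVER_RE.match(line)
        if m:
            start, name, _desc, path, stamp = m.groups()
            if not stamp:  # empty []: ComboFix recorded no file date for this path
                findings.append(("driver-no-file-info", f"{start} {name} -> {path}"))
            continue
        m = TASK_RE.match(line)
        if m and i + 1 < len(lines):
            target = TASK_TARGET_RE.match(lines[i + 1])
            if target and not target.group(1).lower().endswith(EXEC_EXT):
                findings.append(("task-unusual-target", f"{m.group(1)} -> {target.group(1)}"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, name, path = m.groups()
            if in_windows_root(path):
                findings.append(("run-key-exe-in-windows-root", f"{hive} [{name}] -> {path}"))
            continue
        m = O23_RE.match(line)
        if m:
            name, vendor, path = m.groups()
            if "(file missing)" in path.lower():
                findings.append(("service-file-missing", f"{name} -> {path}"))
            elif not vendor.strip():
                findings.append(("service-no-vendor", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

Run against the full log, this prints six entries for the sample above: the two drivers with no recorded file date (Hpa58.sys, EPPSCAN.sys), the prefetch task that launches a file called prefetchnet.net, the Run key for V0220Mon.exe in the Windows root, the MySQL service whose binary is missing, and the SmartLinkService with no vendor string. Everything else (Avira, Lexmark, C-Dilla, the Apple updater) passes the filters. The list is a starting point for checking each file's publisher and hash, not a removal list.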
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
yes, that's good!

to reinstall Skype, go here:

https://www.skype.com/fr/?cm_mmc=google/latsearch-_-EU-FR|FR-_-BD-_-campaign=EU-FR|FR:BD|adgroup=skype/E|keyword=skype|matchtype=Exact|creative=882839847&gclid=CM_rqdfBqJECFSEmEgodd2H1gQ

or

https://www.01net.com/telecharger/windows/Internet/communication/fiches/27115.html
Mary
 
Yahoooooooooooooooooooooooooooooooooo!!!!

Thanks a lot, from me but above all from my computer!!!