PB virus Dldr.purityScan.FK et pub outerinfoRésolu/Fermé

Question

Bonjour,

Apres avoir nettoyé mon ordi suite à des problèmes de virus (scan avec malwarebytes et Antivir), tout semblait propre mais a chaque redemarrage, Antivir me detecte un certain TR/Dldr.PurityScan.FK comme trojan.
De plus, il arive qu une fenetre internet s'ouvre toute seule avec une pub Outerinfo par exemple

Si quelqu un de fort aimable pouvait me guider dans la demarche à suivre, je lui serait grandement reconnaissant.

Je suis sur windows XP SP3.

Merci par avance,

Clément

Destrio5 · Answer

Salut,

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

Clément 75 · Answer

Salut Destrio5 et merci pour ton aide

Voici le scan hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:59, on 27/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32undll32.exe
C:\acer\epm\epm-dm.exe
C:\TYPSOF~1\ftpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control
hc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\clement\Application Data\?ystem32\d?xplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NDAS\System
dassvc.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride 

= *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-

C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program 

Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {01B5DCC8-84C3-4AB9-BB78-238228596094} - C:\WINDOWS\system32

\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {024A4988-CAEE-4911-A273-8E9979341BA7} - C:\WINDOWS\system32

\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {036BB991-84C3-4AB9-BB78-238228596094} - C:\WINDOWS\system32

\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {04949311-CAEE-4911-A273-8E9979341BA7} - C:\WINDOWS\system32

\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - 

C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 

Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-

0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program 

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program 

Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control 

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe 

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3

\hpztsb04.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil 

/RemAdvDef /Migration32
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 

/IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 

/SYNC
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] 

HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0

\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program 

Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware 

Control
hc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program 

Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" 

/tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05

\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers 

communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers 

communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Win2DS] "C:\Documents and Settings\clement\Bureau\Win2DS.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -

atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software 

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition 

Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 

1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveSticker] "C:\Program Files\Nosibay\Livesticker\launcher.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft 

ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\clement\Application 

Data\Microsoft\Windows\oeepua.exe
O4 - HKCU\..\Run: [Qwifgf] "C:\Documents and Settings\clement\Application Data\?

ystem32\d?xplore.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 

'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 

'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 

'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program 

Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers 

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft 

Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers 

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital 

Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1

\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1

\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-

070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program 

Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-

47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program 

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - 

http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - 

https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - 

http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - 

http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - 

https://www.touslesdrivers.com/index.php?v_page=29

2_0.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) 

- http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - 

https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) 

- http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - 

http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - 

http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/inst

all/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - 

https://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - 

http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - 

http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - 

http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1

\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: smbqbn.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers 

communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - 

C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) 

- Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - 

Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32

\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers 

communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program 

Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY 

Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - 

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - 

C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                         

                            - C:\Program Files\Fichiers communs\InstallShield 

Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program 

Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-

config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - 

C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program 

Files\NDAS\System
dassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel 

Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel 

Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program 

Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32

\Pen_Tablet.exe
O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl

Destrio5 · Answer

On va tester quelque chose :

- Télécharge MSNFix.zip (de !aur3n7) sur le bureau: 
http://sosvirus.changelog.fr/MSNFix.zip 

- Décompresse-le (clic droit >> Extraire ici).

- Double-clique sur le fichier MSNFix.bat. 

- Exécute l'option R. 
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage 

Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal. 

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.t, poste-le.

Clément 75 · Answer

Salut,
J ai lancer MSNFix.bat et il a analysé qu il y avait des trucs infectés. J ai fait l option R pour nettoyer et il m a en effet fait redemarrer. En arrivant dans windows, il m a remis un message (MSNFix) dans une fenetre pour me dire que cetait encore infecté (ou un tuc comme ca ). Antivir m a a nouveau detecté le virus TR/DLdr.PurityScan.FK.

Par contre, désolé mais je n ai pas trouvé le rapport : 

- J ai un fichier nommé "selectnet.txt" qui est vide

- Un fichier "Temp.txt" : 

[C:\WINDOWS\system32\winhlp32.exe] 577624F19D0441C9111F2AF26C81E04D
[C:\WINDOWS\system32\winmsd.exe] 7EBF8A4B608AFB79C67F4E4A9C5885BB
[C:\WINDOWS\system32\winspool.exe] 0B4B94B78123E8035B84105BC024F9F8
[C:\WINDOWS\system32\winchat.exe] 2A99260794224489F29B628717B7947E
[C:\WINDOWS\system32\winmine.exe] EA682C022F7204CC8E8C9EF5DCE29356
[C:\WINDOWS\system32\winver.exe] 61E80B60CD30D995E80702623BE47B9D
[C:\WINDOWS\system32\WinFXDocObj.exe] 660336AD0305C852122C5EEBBACE9BAF
[C:\WINDOWS\system32\winlogon.exe] DD73D6B9F6B4CB630CF35B438B540174

- Et un fichier "MD5.txt"

winhlp32.exe
winmsd.exe
winspool.exe
winchat.exe
winmine.exe
winver.exe
WinFXDocObj.exe
winlogon.exe


Sinon un autre fichier "catchme.log" sur le bureau :

read file error: C:\DOCUME~1\clement\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\clement\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.


De plus un dossier s'est créé avec plein de .exe sur le bureau qui s'appelle "Upload_Me"...

Voila voila, je sais pas si ca peut t aider !?

Destrio5 · Answer

Le fichier Upload_Me, envoie-le à Malekal :
http://upload.malekal.com/

Destrio5 · Answer

* Télécharge SDFix (par Andy Manchesta) et sauvegarde-le sur ton bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double-clique sur SDFix.exe et choisis Install pour l'extraire dans son dossier sur le bureau.
* Redémarre le PC en mode sans échec :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
* Choisis ton compte.

Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d'être créé sur le bureau et double-clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le nettoyage.
* Quand il te le demandera, appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long à redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du bureau, l'outil aura terminé et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton bureau.
* Le rapport SDFix s'ouvrira et il sera enregistré dans le dossier SDFix sous le nom Report.txt.
* Enfin, copie/colle le rapport du fichier Report.txt.

Clément 75 · Answer

C est fait, par contre en redemarrant, et apres le finished de SDFix, Antivir a a nouveau detecté notre ami TR/Dldr.PurityScan.FK   mais peut etre est-ce normal et moi un peu trop impatient!
Il a l air de s'etre placer bien profond dans l ordi si je peux me permettre !

Voici le rapport SDFix :


[b]SDFix: Version 1.229 [/b]
Run by clement on 27/09/2008 at 18:48

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\clement\Bureau\SDFix\SDFix

[b]Checking Services [/b]:

[b]Name [/b]: 
tdssserv

[b]Path [/b]:
\systemroot\system32\drivers\TDSSserv.sys 

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\Documents and Settings\clement\Application Data\Adobe\crc.dat - Deleted
C:\WINDOWS\antiv.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 18:54:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\3dsmax 6\3dsmax.exe"="C:\Program Files\3dsmax 6\3dsmax.exe:*:Enabled:3ds max application"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\Orb3GPStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb3GPStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\OrbRMStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbRMStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\eMule\eMule.exe"="C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\3dsMax8\VRLServer.exe"="C:\Program Files\Autodesk\3dsMax8\VRLServer.exe:*:Enabled:VRLServer"
"D:\logiciel 3d en vrac\VRAY v1.50 for 3DsMax 7 and 8 + Crk + install info\install VRay v1.50\Vray 1.50\VRLServer.exe"="D:\logiciel 3d en vrac\VRAY v1.50 for 3DsMax 7 and 8 + Crk + install info\install VRay v1.50\Vray 1.50\VRLServer.exe:*:Enabled:VRLServer"
"C:\Program Files\BPFTP Server\bpftpserver.exe"="C:\Program Files\BPFTP Server\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\TYPSoft FTP Server\ftpserv.exe"="C:\TYPSoft FTP Server\ftpserv.exe:*:Enabled:TYPSoft FTP Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Ma‹do Production\IziSpot 3\IziSpot.exe"="C:\Program Files\Ma‹do Production\IziSpot 3\IziSpot.exe:*:Enabled:IziSpot"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microprose\Grand Prix 3\gp3.exe"="C:\Program Files\Microprose\Grand Prix 3\gp3.exe:*:Enabled:gp3"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\MaxTV\maxtv.exe"="C:\Program Files\MaxTV\maxtv.exe:*:Enabled:MaxTV Online"
"C:\Program Files\Valusoft\18 Wheels of Steel - Across America\prism3d.exe"="C:\Program Files\Valusoft\18 Wheels of Steel - Across America\prism3d.exe:*:Enabled:prism3d"
"C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2006 - Demo\PCM.EXE"="C:\Program Files\Cyanide\Pro Cycling Manager - Saison 2006 - Demo\PCM.EXE:*:Enabled:pcm"
"C:\Program Files\Virtools\Virtools 4.0\VRPack\VRRemote\VRRemoteDaemon.exe"="C:\Program Files\Virtools\Virtools 4.0\VRPack\VRRemote\VRRemoteDaemon.exe:*:Enabled:Virtools VRPack Remote Daemon"
"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe"="C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd"
"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.EXE"="C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.EXE:*:Enabled:CATIA"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\CLEMENT\Bureau\Win2DS.exe"="C:\Documents and Settings\CLEMENT\Bureau\Win2DS.exe:*:Enabled:Win2DS"
"C:\Documents and Settings\CLEMENT\Bureau\DS2Key.exe"="C:\Documents and Settings\CLEMENT\Bureau\DS2Key.exe:*:Enabled:DS2Key"
"C:\Program Files\Microsoft Expression\Media 1.0\Media.exe"="C:\Program Files\Microsoft Expression\Media 1.0\Media.exe:*:Enabled:iView Multimedia"
"C:\Documents and Settings\CLEMENT\Bureau\DSMouse\PerformMouse.exe"="C:\Documents and Settings\CLEMENT\Bureau\DSMouse\PerformMouse.exe:*:Enabled:PerformMouse"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Copytracker\apache\bin\apache.exe"="C:\Program Files\Copytracker\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Copytracker\mysql\bin\mysqld.exe"="C:\Program Files\Copytracker\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\WINDOWS\System32\FXSCLNT.exe"="C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft  Fax Console"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Next Limit\Maxwell\mxcl.exe"="C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Enabled:mxcl"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\clement\Bureau\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri  7 Jul 2006           960 A.SH. --- "C:\z0ejaw3o.sys"
Wed 29 Dec 2004         1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Wed 29 Dec 2004         1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 29 Dec 2004         1,024 ...HR --- "C:\WINDOWS\system32
tiembed.dll"
Wed  3 May 2006       163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007        31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sat 27 Sep 2008        68,608 ..SHR --- "C:\WINDOWS\??curity\msdtc.exe"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu  5 Jun 2003        24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
Sun 18 Feb 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004        76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Wed 22 Dec 2004        16,384 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 20 Jan 2005        11,344 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun  5 Aug 2001           741 ..SH. --- "C:\Program Files\Pixologic\ZBrush3\zmem02svr.dll"
Wed  6 Feb 2008        72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Sun 26 Jun 2005       616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005        45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Fri 27 Oct 2006        15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Mon 11 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 29 May 2008       230,400 ..SHR --- "C:\Documents and Settings\clement\Application Data\?ystem32\d?xplore.exe"
Tue  4 Jun 2002        84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat  3 Nov 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderaac.dll"
Sun  9 Jun 2002       525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernco3260.dll"
Tue 10 Dec 2002       245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernlt3260.dll"
Tue 10 Dec 2002        45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv103260.dll"
Tue 10 Dec 2002        98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv203260.dll"
Tue 10 Dec 2002        94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv303260.dll"
Tue 10 Dec 2002        90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv403260.dll"
Tue 10 Dec 2002       102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder	okr3260.dll"
Tue 20 May 2008       263,680 ...H. --- "C:\Documents and Settings\clement\Application Data\Microsoft\ModŠles\~WRL0003.tmp"
Tue  3 Jun 2008       284,160 ...H. --- "C:\Documents and Settings\clement\Application Data\Microsoft\ModŠles\~WRL0005.tmp"
Mon 12 Feb 2007     3,096,576 A..H. --- "C:\Documents and Settings\clement\Application Data\U3	emp\Launchpad Removal.exe"

[b]Finished![/b]

Encore merci !!

Destrio5 · Answer

Tu as une très vilaine cochonnerie.

---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

Clément 75 · Answer

ok j fais ca mais j ai pas trop d espoirs car j en ai deja fait deux avant de poster mais j le lance, on sait jamais.
A plus tard, merci beaucoup

Clément 75 · Answer

Je comprend pas, MBAM a detecté un truc qui ressemblait mais en redemarrant ,xp Antivir a encore mit le message...
:(

rapport MBAM :

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1214
Windows 5.1.2600 Service Pack 3

27/09/2008 19:50:18
mbam-log-2008-09-27 (19-50-18).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 233092
Temps écoulé: 35 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\clement\Local Settings\Temporary Internet Files\Content.IE5\1HBOGM3Q\!update-4495[1].0000 (Adware.PurityScan) -> Quarantined and deleted successfully.

........................................................................................................................................................
Je te mets le texte d Antivir

Last file found :

C:\Documents and Settings\clement\Local Settings\Temp\NDR5.tmp

Last virus or unwanted program found :

TR/Dldr.PurityScan.FK



Je suis un peu perdu, j avoue :(

Destrio5 · Answer

Supprime les fichiers temporaires dans Internet Explorer.

clement75 · Answer

C etait une bonne idée mais non, en redemarrant c est revenu en redemarrant xp..................

Antivir :

C:\Documents and Settings\clement\Local Settings\Temp\NDR6.tmp 

à la place de 

C:\Documents and Settings\clement\Local Settings\Temp\NDR5.tmp 


Ca resiste vraiment cette s....perie!!!
J suis vraiment desolé, merci pour ta patience...

Destrio5 · Answer

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

- Double-clique sur Navilog1.exe afin de lancer l'installation

- Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

- Appuie sur F ou f  puis valide par Entrée

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

- Patiente jusqu'au message : *** Analyse Termine le ..... ***

- Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

clement75 · Answer

Search Navipromo version 3.6.5 commencé le 27/09/2008 à 20:34:50,29

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "clement" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\clement\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\clement\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\clement\menud+~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\clement\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\clement\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 27/09/2008 à 20:37:14,76 ***

Destrio5 · Answer

Relance Navilog1, fais l'option 2 et poste le rapport.

clement75 · Answer

(au redemarrage xp le message d Antivir etait encore la......)

............................................................................................................................................................

Clean Navipromo version 3.6.5 commencé le 27/09/2008 à 20:43:28,87

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "clement" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : FAT32

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\clement\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1

\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\clement\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\clement\locals~1\applic~1" 

*** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\clement\menud+~1\progra~1" 

*** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\clement\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\clement\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 27/09/2008 à 20:46:54,46 ***

Destrio5 · Answer

Bizarre, normalement, le dossier temp a été vidé.

clement75 · Answer

je redemarre encore pour te confirmer

clement75 · Answer

Ba mince alors, il est bien encore la

Dans C:\Documents and Settings\clement\Local Settings\Temp, Ya plusieurs fichiers qui ressemble à la detection
d Antivir (NDR1.tmp, NDR5.tmp, NDR7.tmp) mais pas de NDR6.tmp comme le detecte Antivir
Il est peu etre masqué? Je dis ca mais j y connais rien du tout...

Aie aie, dsolé pour tout ce temps...

Destrio5 · Answer

Utilise ceci :
http://www.commentcamarche.net/telecharger/telecharger 34055102 cleanup

clement75 · Answer

ca a nettoyé plein de truc mais rien dans local setting/temp

Ya-il-une maniere de l utiliser?

Destrio5 · Answer

Je ne m'en souviens plus.

Fais un scan avec Antivir en mode sans échec.

clement75 · Answer

j ai fait un scan en mode sans echec de local setting : le virus a ete detecté. Je le detruit. Je refais un scan, il n'apparait plus. Je redemarre en mode normal xp et la Antivir le detecte a nouveau.
J ai l impression que le virus se recrée a chaque demarrage... La "base" du virus a l air de se trouver ailleur que dans local setting. Encore une fois, c est une impression, j y connait rien :(

Je sens que je vais devoir apprendre a vivre avec...

Destrio5 · Answer

Fais un nouveau rapport HijackThis.

clement75 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:19, on 27/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32undll32.exe
C:\acer\epm\epm-dm.exe
C:\TYPSOF~1\ftpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control
hc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers 

communs\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\clement\Application Data\?ystem32\d?

xplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk 

Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17

\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Autodesk\3dsMax8

\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\NDAS\System
dassvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product 

Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL 

= https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet 

Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/?ref=go

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet 

Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet 

Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet 

Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up 

- {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-

5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {01B5DCC8-84C3-4AB9-BB78-238228596094} - 

C:\WINDOWS\system32\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {024A4988-CAEE-4911-A273-8E9979341BA7} - 

C:\WINDOWS\system32\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {036BB991-84C3-4AB9-BB78-238228596094} - 

C:\WINDOWS\system32\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {04949311-CAEE-4911-A273-8E9979341BA7} - 

C:\WINDOWS\system32\lcwcvkwp.dll (file missing)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no 

file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-

A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet 

Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-

206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f

-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0

\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - 

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - 

C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI 

Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe 

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32

\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" 

/Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch 

Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32

\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32

\NeroCheck.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High 

Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program 

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program 

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program 

Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program 

Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 

C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program 

Files\Notebook Hardware Control
hc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program 

Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program 

Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 

Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers 

communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers 

communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Win2DS] "C:\Documents and 

Settings\clement\Bureau\Win2DS.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP 

Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] 

HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir 

PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-

Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN 

Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LiveSticker] "C:\Program 

Files\Nosibay\Livesticker\launcher.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program 

Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Qwifgf] "C:\Documents and 

Settings\clement\Application Data\?ystem32\d?xplore.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program 

Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers 

communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program 

Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program 

Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program 

Files\UltraMon\UltraMon.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program 

Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - 

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-

11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05

\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-

9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-

00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 

- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1

\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - 

C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} 

- C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration 

- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1

\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-

4134-82b7-f2ba38496583} - C:\WINDOWS\Network 

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter 

Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX 

Player) - 

http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl 

Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin 

Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl 

Class) - http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection 

Control) - 

https://www.touslesdrivers.com/index.php?v_page=29

redetection_3_0_2_0.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics 

Cortona Control) - 

http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - 

https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO 

Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex 

Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash 

Object) - 

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.c

ab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools 

WebPlayer Class) - 

http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/

6712/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent 

ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail 

Attachments Control) - 

http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX 

Class) - 

http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de 

DownloadManager) - 

http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-

2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 

C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: smbqbn.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program 

Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA 

Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler 

(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir 

PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard 

(AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir 

PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - 

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32

\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program 

Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - 

C:\Program Files\Dassault Systemes\B17

\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers 

communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel 

Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 

Corporation - C:\Program Files\Fichiers 

communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision         

                                            - C:\Program 

Files\Fichiers communs\InstallShield Shared\Service\InstallShield 

Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program 

Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - 

C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown 

owner - C:\Program Files\Autodesk\3dsMax8

\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program 

Files\NDAS\System
dassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32

\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - 

Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - 

Intel Corporation  - C:\Program 

Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program 

Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - 

C:\WINDOWS\system32\Pen_Tablet.exe
O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl

Destrio5 · Answer

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

clement75 · Answer

Le pc n a pas redemarrer. Lors du rapport, une fenetre m a indiquer : Erreur de script dans internet explorer (...) URL : .......local setting/temp/NDR63.temp.html Je sais pas si ca a son importance... Le rapport : ComboFix 08-09-27.01 - clement 2008-09-27 22:03:05.1 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1497 [GMT 2:00] Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\curity~1 C:\WINDOWS\curity~1\??curity\ C:\WINDOWS\curity~1\msdtc.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 )))))))))))))))))))))))))))))))))))) . 2008-09-27 21:11 . 2008-09-27 21:11 d-------- C:\Program Files\CleanUp! 2008-09-27 20:59 . 2008-09-27 20:59 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-09-27 20:33 . 2008-09-27 20:33 d-------- C:\Program Files\Navilog1 2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-09-27 18:43 . 2008-09-27 18:43 d-------- C:\WINDOWS\ERUNT 2008-09-27 18:34 . 2008-09-25 04:31 d-------- C:\SDFix 2008-09-27 17:52 . 2008-09-27 17:52 d-------- C:\Program Files\Trend Micro 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\fr 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\bits 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\l2schemas 2008-09-27 14:02 . 2008-09-27 14:02 d-------- C:\WINDOWS\ServicePackFiles 2008-09-27 13:27 . 2008-09-27 13:27 d--hs---- C:\FOUND.005 2008-09-27 03:58 . 2008-09-27 20:21 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico 2008-09-27 03:58 . 2008-09-27 20:21 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico 2008-09-27 03:47 . 2008-09-27 03:47 d-------- C:\Documents and Settings\clement\Application Data\?ystem32 2008-09-26 23:35 . 2008-09-26 23:35 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-09-26 21:53 . 2008-09-26 21:53 d-------- C:\Program Files\Next Limit 2008-09-26 21:16 . 2008-09-26 21:16 d-------- C:\WINDOWS\system32\URTTEMP 2008-09-23 22:24 . 2008-09-23 22:24 d--hs---- C:\WINDOWS\ftpcache 2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-16 11:07 . 2008-09-16 11:07 d-------- C:\Documents and Settings\clement\Application Data\U3 2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db 2008-09-06 03:11 . 2008-09-06 03:11 d-------- C:\Program Files\Call of Duty 2008-09-06 02:59 . 2008-09-06 02:59 d-------- C:\Program Files\D-Tools 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Program Files\AskSBar 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\clement\Application Data\Azureus 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-30 23:08 . 2008-08-30 23:09 d-------- C:\Program Files\Azureus . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-27 19:41 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp 2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr 2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe 2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT 2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-30 66912] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Qwifgf"="C:\Documents and Settings\clement\Application Data\?ystem32\d?xplore.exe" [?] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216] "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760] "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 C:\WINDOWS\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 C:\WINDOWS\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\ No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104] Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=smbqbn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Messenger\MSMSGS.EXE"= "C:\Program Files\eMule\eMule.exe"= "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"= "C:\Program Files\Autodesk\backburner\monitor.exe"= "C:\Program Files\Autodesk\backburner\manager.exe"= "C:\Program Files\Autodesk\backburner\server.exe"= "C:\Program Files\Autodesk\3dsMax8\VRLServer.exe"= "C:\TYPSoft FTP Server\ftpserv.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Microsoft Expression\Media 1.0\Media.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\WINDOWS\System32\FXSCLNT.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25845:TCP"= 25845:TCP:PORT_25845 "19857:TCP"= 19857:TCP:PORT_19857 "16773:TCP"= 16773:TCP:PORT_16773 "15758:TCP"= 15758:TCP:PORT_15758 "6548:TCP"= 6548:TCP:PORT_6548 "5716:TCP"= 5716:TCP:PORT_5716 "18141:TCP"= 18141:TCP:PORT_18141 "16172:TCP"= 16172:TCP:PORT_16172 "33762:TCP"= 33762:TCP:PORT_33762 "30680:TCP"= 30680:TCP:PORT_30680 "40560:TCP"= 40560:TCP:PORT_40560 "37024:TCP"= 37024:TCP:PORT_37024 "39312:TCP"= 39312:TCP:PORT_39312 "61223:TCP"= 61223:TCP:PORT_61223 "21336:TCP"= 21336:TCP:PORT_21336 "53457:TCP"= 53457:TCP:PORT_53457 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184] R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704] R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912] R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304] R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054] R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368] R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480] R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288] R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878] R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664] R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632] R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100] R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308] S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-07-24 69120] S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640] S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}] \Shell\AutoRun\command - H:\[u]0[/u]u.cmd \Shell\explore\Command - H:\[u]0[/u]u.cmd \Shell\open\Command - H:\[u]0[/u]u.cmd *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - BHO-{01B5DCC8-84C3-4AB9-BB78-238228596094} - C:\WINDOWS\system32\lcwcvkwp.dll BHO-{024A4988-CAEE-4911-A273-8E9979341BA7} - C:\WINDOWS\system32\lcwcvkwp.dll BHO-{036BB991-84C3-4AB9-BB78-238228596094} - C:\WINDOWS\system32\lcwcvkwp.dll BHO-{04949311-CAEE-4911-A273-8E9979341BA7} - C:\WINDOWS\system32\lcwcvkwp.dll BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) HKCU-Run-LiveSticker - C:\Program Files\Nosibay\Livesticker\launcher.exe HKLM-Run-Win2DS - C:\Documents and Settings\clement\Bureau\Win2DS.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\clement\Application Data\Mozilla\Firefox\Profiles\cd3cekbm.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-27 22:05:51 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt" . Heure de fin: 2008-09-27 22:06:19 ComboFix-quarantined-files.txt 2008-09-27 20:06:18 Avant-CF: 14ÿ401ÿ634ÿ304 octets libres Après-CF: 14,417,657,856 octets libres 267 --- E O F --- 2008-09-27 12:09:09

Clément75 · Answer

J ai cherché partout sur internet, j suis perdu, je vais me coucher...merci infiniment pour ton aide d aujourd hui

PurityScan, je m en souviendrais de celui la !! Il est coriace...

A+ et encore merci

Destrio5 · Answer

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

Clément75 · Answer

ok c est fait
je fait quoi apres?

Destrio5 · Answer

Je te ferai un script pour ComboFix demain, je suis un peu crevé.

clément75 · Answer

Tu m etonnes que t es fatigué!!
Je te remercie vraiment  tres sincerement.
A Demain, bonne nuit bien meritée

Destrio5 · Answer

---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

clément75 · Answer

bonjour destrio5,

voici le rapport :


   -----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :         Intel(R) Pentium(R) M processor 2.00GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : clement ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
   C:\ (Local Disk) - FAT32 - Total : 44 Go Free : 14 Go
   D:\ (Local Disk) - FAT32 - Total : 45 Go Free : 22 Go
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [1] ( 28/09/2008|11:49 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskSBar
   C:\Program Files\AskSBar\bar
   C:\Program Files\AskSBar\SrchAstt
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\NewCfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vmntoolbartb0500.cfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\img_games1_5.cfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games1_5.cfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\logo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gograph.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	ools.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\popup_off.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\popup_on.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gaming.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\login.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dictionary.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	ranslate.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\web.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred4_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred4.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred3_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred3.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred2_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred2.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred1_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred1.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred0_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred0.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ews.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\background2.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\highlight.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\zoom.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\hideremove.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbareport.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\autofill.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pestscanimg.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red1.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red2.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red3.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red4.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ew02.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\storage.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\slider.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss1.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\security.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\yahoo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_images.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_news.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_products.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_domain.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_people.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ipsearch.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_dictionnary.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\siteinfo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarelatedlinks.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_software.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_ency.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	hes_search.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_music.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_stocks.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_aries.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_taurus.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_gemini.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_cancer.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_leo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_virgo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_libra.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_scorpio.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_capricorn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_aquarius.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_pisces.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_video.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_graphic.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_argentine.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_australia.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_brazil.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_canada.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_china.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_france.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_germany.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_greece.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_india.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_italy.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_japan.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_mexico.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_spain.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_uk.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_usa.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_korea.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\avstate.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\a.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\an.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\b.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\c.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\cn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\d.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\fn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\g.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\hn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\i.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\in.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\j.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\jn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\k.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\kn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\l.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ln.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
n.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\o.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\on.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\p.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\q.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\qn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\s.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\sn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	n.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\u.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\un.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\v.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\w.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\wn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\x.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\z.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\zn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarssmenu1_5b.zip
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Space explorer.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Stone Breaker.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\sweet tooth.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Tanks.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Tower Defence.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	oy cars.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vmlib.js
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\worm.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dropdown.css
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_dark.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_green.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_white.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_down.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_red.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_red2.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_up.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_300px.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_cityweather.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_pub.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_story.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_tblresults.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_ttl.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_close.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_minus.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\game_placeholder.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\loading.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pubplaceholder.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\spacer.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\xp_close_small.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\234x60storage-dropdownEN.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\4x4 Rally.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\add_en.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Air Dodge.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Alien.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Alpha Bravo Charlie.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Balloony.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Battle Tanks.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Black Jack.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Bowling.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Connect 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Cowboy Bullet.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\cubeez.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\curve ball.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\fish eat fish.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Flashludo.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Fly plane.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Flyplane.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\forest challenge 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gold diggers.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Hungry Space.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\indiana jones.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ma balls.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Memory Trial.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini nitros.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\minipool2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Muay Thai.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
aval gun.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Office Paintball v2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\overlord.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pig wars.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Raidenx.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss.xsl
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\war games.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\micro tanks.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bomber bob.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\keep ups 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini pool.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini putt 3.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\show jumping.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	able tennis.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\virtual cop.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini pool 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\galaxians.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\air hockey.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Bubble Bobble The Revival.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	etris.JPG
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games.xml
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\alias.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_games4.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_games3.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarsslib.js
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ews.html
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games.js
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gamesmenu.html
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   C:\WINDOWS\iun6002.exe

   -----------\  Extensions

   (clement) - {e968fc70-8f95-4ab9-9e79-304de2a71ee1} => useragentswitcher


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Start Page"="https://www.google.com/?gws_rd=ssl"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKLM\..\ControlSet003\Services	dssserv]




   1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2008|11:50 - Option : [1]

   -----------\  Fin du rapport a 11:50:33,39

Destrio5 · Answer

Fais l'option 2 de ToolBar S&D.

clément75 · Answer

-----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :         Intel(R) Pentium(R) M processor 2.00GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : clement ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
   C:\ (Local Disk) - FAT32 - Total : 44 Go Free : 14 Go
   D:\ (Local Disk) - FAT32 - Total : 45 Go Free : 22 Go
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [1] ( 28/09/2008|11:49 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskSBar
   C:\Program Files\AskSBar\bar
   C:\Program Files\AskSBar\SrchAstt
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\NewCfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vmntoolbartb0500.cfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\img_games1_5.cfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games1_5.cfg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\logo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gograph.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	ools.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\popup_off.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\popup_on.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gaming.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\login.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dictionary.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	ranslate.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\web.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred4_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred4.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred3_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred3.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred2_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred2.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred1_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred1.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred0_5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred0.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ews.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\background2.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\highlight.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\zoom.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\hideremove.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbareport.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\autofill.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pestscanimg.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red1.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red2.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red3.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red4.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red5.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ew02.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\storage.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\slider.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss1.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\security.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\yahoo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_images.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_news.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_products.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_domain.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_people.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ipsearch.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_dictionnary.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\siteinfo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarelatedlinks.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_software.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_ency.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	hes_search.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_music.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_stocks.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_aries.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_taurus.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_gemini.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_cancer.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_leo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_virgo.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_libra.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_scorpio.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_capricorn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_aquarius.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_pisces.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_video.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_graphic.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_argentine.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_australia.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_brazil.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_canada.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_china.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_france.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_germany.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_greece.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_india.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_italy.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_japan.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_mexico.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_spain.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_uk.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_usa.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_korea.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\avstate.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\a.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\an.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\b.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\c.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\cn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\d.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\fn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\g.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\hn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\i.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\in.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\j.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\jn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\k.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\kn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\l.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ln.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
n.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\o.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\on.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\p.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\q.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\qn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\s.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\sn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	n.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\u.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\un.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\v.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\w.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\wn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\x.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\z.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\zn.bmp
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarssmenu1_5b.zip
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Space explorer.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Stone Breaker.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\sweet tooth.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Tanks.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Tower Defence.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	oy cars.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vmlib.js
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\worm.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dropdown.css
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_dark.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_green.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_white.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_down.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_red.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_red2.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_up.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_300px.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_cityweather.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_pub.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_story.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_tblresults.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_ttl.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_close.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_minus.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\game_placeholder.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\loading.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pubplaceholder.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\spacer.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\xp_close_small.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\234x60storage-dropdownEN.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\4x4 Rally.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\add_en.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Air Dodge.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Alien.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Alpha Bravo Charlie.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Balloony.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Battle Tanks.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Black Jack.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Bowling.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Connect 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Cowboy Bullet.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\cubeez.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\curve ball.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\fish eat fish.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Flashludo.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Fly plane.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Flyplane.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\forest challenge 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gold diggers.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Hungry Space.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\indiana jones.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ma balls.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Memory Trial.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini nitros.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\minipool2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Muay Thai.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
aval gun.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Office Paintball v2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\overlord.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pig wars.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Raidenx.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss.xsl
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\war games.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\micro tanks.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bomber bob.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\keep ups 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini pool.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini putt 3.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\show jumping.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	able tennis.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\virtual cop.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini pool 2.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\galaxians.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\air hockey.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Bubble Bobble The Revival.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	etris.JPG
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games.xml
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\alias.jpg
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_games4.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_games3.gif
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbarsslib.js
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ews.html
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games.js
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gamesmenu.html
   C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   C:\WINDOWS\iun6002.exe

   -----------\  Extensions

   (clement) - {e968fc70-8f95-4ab9-9e79-304de2a71ee1} => useragentswitcher


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Start Page"="https://www.google.com/?gws_rd=ssl"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKLM\..\ControlSet003\Services	dssserv]




   1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2008|11:50 - Option : [1]

   -----------\  Fin du rapport a 11:50:33,39

Destrio5 · Answer

Ça, c'est l'option 1. J'ai demandé l'option 2.

clément75 · Answer

Desolé,  ai fait un mauvais copier coller


   -----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :         Intel(R) Pentium(R) M processor 2.00GHz )
   BIOS : Phoenix NoteBIOS 4.0 Release 6.1     
   USER : clement ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
   C:\ (Local Disk) - FAT32 - Total : 44 Go Free : 14 Go
   D:\ (Local Disk) - FAT32 - Total : 45 Go Free : 22 Go
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [2] ( 28/09/2008|12:34 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\AskSBar\bar
   Supprime! - C:\Program Files\AskSBar\SrchAstt
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\NewCfg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vmntoolbartb0500.cfg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\img_games1_5.cfg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games1_5.cfg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\logo.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gograph.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	ools.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\popup_off.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\popup_on.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gaming.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\login.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dictionary.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	ranslate.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\web.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred4_5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred4.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred3_5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred3.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred2_5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred2.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred1_5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred1.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred0_5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\graphred0.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ews.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\background2.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\highlight.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\zoom.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\hideremove.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbareport.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\autofill.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pestscanimg.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red1.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red2.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red3.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red4.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\stars-red5.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ew02.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\storage.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\slider.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss1.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\security.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\yahoo.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_images.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_news.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_products.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_domain.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_people.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ipsearch.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_dictionnary.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\siteinfo.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarelatedlinks.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_software.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_ency.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	hes_search.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_music.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_stocks.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_aries.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_taurus.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_gemini.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_cancer.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_leo.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_virgo.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_libra.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_scorpio.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_capricorn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_aquarius.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h_pisces.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_video.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\search_graphic.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_argentine.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_australia.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_brazil.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_canada.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_china.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_france.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_germany.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_greece.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_india.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_italy.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_japan.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_mexico.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_spain.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_uk.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_usa.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_korea.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\avstate.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\a.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\an.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\b.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\c.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\cn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\d.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\fn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\g.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\h.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\hn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\i.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\in.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\j.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\jn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\k.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\kn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\l.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ln.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
n.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\o.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\on.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\p.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\q.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\qn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\s.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\sn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	n.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\u.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\un.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\v.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\w.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\wn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\x.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\z.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\zn.bmp
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarssmenu1_5b.zip
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Space explorer.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Stone Breaker.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\sweet tooth.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Tanks.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Tower Defence.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	oy cars.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\vmlib.js
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\worm.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\dropdown.css
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_dark.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_green.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\1px_white.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_down.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_red.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_red2.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\arrow_up.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_300px.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_cityweather.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_pub.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_story.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_tblresults.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_ttl.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_close.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_minus.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\game_placeholder.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\loading.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pubplaceholder.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\spacer.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\xp_close_small.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\234x60storage-dropdownEN.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\4x4 Rally.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\add_en.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Air Dodge.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Alien.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Alpha Bravo Charlie.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Balloony.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Battle Tanks.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Black Jack.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Bowling.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Connect 2.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Cowboy Bullet.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\cubeez.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\curve ball.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\fish eat fish.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Flashludo.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Fly plane.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Flyplane.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\forest challenge 2.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gold diggers.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Hungry Space.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\indiana jones.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\ma balls.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Memory Trial.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini nitros.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\minipool2.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Muay Thai.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
aval gun.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Office Paintball v2.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\overlord.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\pig wars.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Raidenx.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarss.xsl
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\war games.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\micro tanks.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bomber bob.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\keep ups 2.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini pool.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini putt 3.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\show jumping.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	able tennis.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\virtual cop.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\mini pool 2.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\galaxians.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\air hockey.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\Bubble Bobble The Revival.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar	etris.JPG
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games.xml
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\alias.jpg
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_games4.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\bg_games3.gif
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbarsslib.js
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar
ews.html
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\games.js
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\gamesmenu.html
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
   Supprime! - C:\WINDOWS\iun6002.exe
   Supprime! - C:\Program Files\AskSBar
   Supprime! - C:\DOCUME~1\clement\APPLIC~1\VMNToolbar

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (clement) - {e968fc70-8f95-4ab9-9e79-304de2a71ee1} => useragentswitcher


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Start Page"="https://www.google.com/?gws_rd=ssl"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  ROOTKIT !!

   Rootkit Tibs ! .. [HKLM\..\ControlSet003\Services	dssserv]




   1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2008|11:50 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 28/09/2008|12:40 - Option : [2]

   -----------\  Fin du rapport a 12:40:32,85

clément75 · Answer

Bon ba la je comprends pas :

Je me suis mis en mode sans echec, j ai deconnecté internet
J ai fait un bon mbam, j ai supprimé le truc detecté.
J ai fait un cclean, corrigé le registre avec...
J ai redemarré sans internet en mode normal : pas de soucis.
J ai redemarré en rebranchant nternet : Antivir me detecte aussitot le virus....

..............................................................................................................................................................

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1214
Windows 5.1.2600 Service Pack 3

28/09/2008 15:34:21
mbam-log-2008-09-28 (15-34-21).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 219536
Temps écoulé: 1 hour(s), 54 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\CURITY~1\msdtc.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.

Destrio5 · Answer

- Fais un scan en ligne ici https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (Avec Internet Explorer)

- En bas à droite, clique sur Démarrer Online-scanner

- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte

- Accepte les Contrôles ActiveX

- Choisis Poste de travail pour le scan.

- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport

- Pour t'aider à utiliser le scan en ligne :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.

- Lis ceci en cas de problème d'installation du Contrôle ActiveX :
http://cybersecurite.xooit.com/t123-Les-controles-ActiveX.htm

clément75 · Answer

Il a rien trouvé
Par contre, ca m empeche pas de recevoir des pubs outerinfo!!

KASPERSKY ON-LINE SCANNER REPORT  
Sunday, September 28, 2008 5:00:23 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 28/09/2008
Enregistrements dans la base antivirus Kaspersky : 1133213
 
 
Paramètres d'analyse 
Analyser avec la base antivirus suivante standard 
Analyser les archives vrai 
Analyser les bases de messagerie vrai 
 
Cible de l'analyse Zones critiques 
C:\WINDOWS
C:\DOCUME~1\clement\LOCALS~1\Temp\  
 
Statistiques de l'analyse 
Total d'objets analysés 27379 
Nombre de virus trouvés 0 
Nombre d'objets infectés 0 / 0 
Nombre d'objets suspects 0 
Durée de l'analyse 00:18:04 

Nom de l'objet infecté Nom du virus Dernière action 
C:\WINDOWS\system32\config\system.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\software.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\default.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SYSTEM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SOFTWARE  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\DEFAULT  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SysEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\AppEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SecEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Internet.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\ACEEvent.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\OSession.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\ODiag.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\drivers\sptddrv1.sys  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\drivers\sptd.sys  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\eRLog.ini  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2\edb.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2	mp.edb  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\h323log.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Debug\PASSWD.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SchedLgU.Txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\WindowsUpdate.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiaservc.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Sti_Trace.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiadebug.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SoftwareDistribution\EventCache\{5A83631A-2435-4F6D-84FE-CE3385931967}.bin  L'objet est verrouillé  ignoré  
 
C:\DOCUME~1\clement\LOCALS~1\Temp\WCESLog.log  L'objet est verrouillé  ignoré  
 
C:\DOCUME~1\clement\LOCALS~1\Temp\hpodvd09.log  L'objet est verrouillé  ignoré  
 
Analyse terminée.

Destrio5 · Answer

/!\ Seul clement75 peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

File::
C:\Documents and Settings\clement\Application Data\?ystem32\d?xplore.exe
C:\WINDOWS\system32\smbqbn.dll

Driver::
Boonty Games 

Folder::
C:\Program Files\Fichiers communs\BOONTY Shared

Registry::
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Qwifgf"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"IMJPMIG8.1"=-
"MSPY2002"=-
"PHIME2002A"=-
"PHIME2002ASync"=-
"SunJavaUpdateSched"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"HP Software Update"=-
"SoundMan"=-
"AlcWzrd"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}] 






---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt

clément75 · Answer

ComboFix 08-09-27.03 - clement 2008-09-28 17:21:25.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1603 [GMT 2:00] Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\WINDOWS\system32\smbqbn.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Fichiers communs\BOONTY Shared C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe C:\WINDOWS\system32 acle~1 C:\WINDOWS\system32 acle~1\?racle\ . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 )))))))))))))))))))))))))))))))))))) . 2008-09-28 16:14 . 2008-09-28 16:14 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk 2008-09-28 11:49 . 2008-09-28 11:49 d-------- C:\ToolBar SD 2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd 2008-09-27 21:11 . 2008-09-27 21:11 d-------- C:\Program Files\CleanUp! 2008-09-27 20:59 . 2008-09-27 20:59 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-09-27 20:33 . 2008-09-27 20:33 d-------- C:\Program Files\Navilog1 2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-09-27 18:43 . 2008-09-27 18:43 d-------- C:\WINDOWS\ERUNT 2008-09-27 18:34 . 2008-09-25 04:31 d-------- C:\SDFix 2008-09-27 17:52 . 2008-09-27 17:52 d-------- C:\Program Files\Trend Micro 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\fr 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\bits 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\l2schemas 2008-09-27 14:02 . 2008-09-27 14:02 d-------- C:\WINDOWS\ServicePackFiles 2008-09-27 13:27 . 2008-09-27 13:27 d--hs---- C:\FOUND.005 2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico 2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico 2008-09-27 03:47 . 2008-09-27 03:47 d-------- C:\Documents and Settings\clement\Application Data\?ystem32 2008-09-26 23:35 . 2008-09-26 23:35 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-09-26 21:53 . 2008-09-26 21:53 d-------- C:\Program Files\Next Limit 2008-09-26 21:16 . 2008-09-26 21:16 d-------- C:\WINDOWS\system32\URTTEMP 2008-09-23 22:24 . 2008-09-23 22:24 d--hs---- C:\WINDOWS\ftpcache 2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-16 11:07 . 2008-09-16 11:07 d-------- C:\Documents and Settings\clement\Application Data\U3 2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db 2008-09-06 03:11 . 2008-09-06 03:11 d-------- C:\Program Files\Call of Duty 2008-09-06 02:59 . 2008-09-06 02:59 d-------- C:\Program Files\D-Tools 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\clement\Application Data\Azureus 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-30 23:08 . 2008-08-30 23:09 d-------- C:\Program Files\Azureus . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 15:08 22,528 ----a-w C:\WINDOWS\system32\drivers hcDriver.sys 2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp 2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr 2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe 2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT 2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-27_22.06.03.92 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-27 11:46:18 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2008-09-27 20:21:46 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2008-09-27 11:46:20 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2008-09-27 20:21:48 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2008-09-27 20:21:56 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_64693531\CustomMarshalers.dll + 2008-09-27 20:25:24 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b6db5122\CustomMarshalers.dll + 2008-09-27 20:22:14 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_98dffab1\mscorlib.dll + 2008-09-27 20:25:42 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b756ea50\mscorlib.dll + 2008-09-27 20:25:36 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_75289693\System.Design.dll + 2008-09-27 20:22:10 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_eede6db0\System.Design.dll + 2008-09-27 20:21:58 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_376d8775\System.Drawing.Design.dll + 2008-09-27 20:25:26 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6fcca027\System.Drawing.Design.dll + 2008-09-27 20:22:12 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_452814c5\System.Drawing.dll + 2008-09-27 20:25:38 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_953c4053\System.Drawing.dll + 2008-09-27 20:25:30 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3af9c93d\System.Windows.Forms.dll + 2008-09-27 20:22:02 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f028504c\System.Windows.Forms.dll + 2008-09-27 20:22:06 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0689be4a\System.Xml.dll + 2008-09-27 20:25:34 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d0bf1e4e\System.Xml.dll + 2008-09-27 20:25:24 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2640bec4\System.dll + 2008-09-27 20:21:56 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_29ee6ff8\System.dll + 2008-09-27 20:25:08 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_0267cde2\vjscor.dll + 2008-09-27 20:25:56 18,432 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_9b85792c\vjscor.dll + 2008-09-27 20:25:44 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_2615ac51\VJSharpCodeProvider.dll + 2008-09-27 20:22:16 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_4b382739\VJSharpCodeProvider.dll + 2008-09-27 20:22:26 4,468,736 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_0c347aa1\vjslib.dll + 2008-09-27 20:25:54 12,165,120 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_48d677d9\vjslib.dll + 2008-09-27 20:22:18 32,768 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_26dfb067\vjslibcw.dll + 2008-09-27 20:25:48 16,896 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_0918ce1a\VJSWfcBrowserStubLib.dll + 2008-09-27 20:22:18 10,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_78809710\VJSWfcBrowserStubLib.dll + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2007-04-13 19:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2007-04-13 19:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe - 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2007-04-13 18:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2003-02-20 17:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2007-04-13 18:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2007-04-13 18:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2007-04-13 18:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2007-04-13 18:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2007-04-13 18:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2007-04-13 18:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2007-04-13 18:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 etfxupdate.exe + 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 etfxupdate.exe + 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2432\_fusion.dll - 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll + 2007-04-13 19:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll - 2004-07-15 12:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2007-04-13 19:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2008-04-14 02:34:00 139,264 ----a-w C:\WINDOWS\system32\cscript.exe + 2008-05-07 09:07:24 135,168 ----a-w C:\WINDOWS\system32\cscript.exe + 2008-05-07 09:07:24 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe + 2008-05-09 10:55:00 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll + 2008-05-09 10:55:00 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll + 2008-05-09 10:55:00 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll + 2008-05-09 10:55:00 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll + 2008-05-08 11:24:44 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe + 2008-05-09 10:55:00 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll - 2008-04-14 02:33:28 512,000 ----a-w C:\WINDOWS\system32\jscript.dll + 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2008-09-27 19:42:50 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-09-27 19:42:50 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-09-27 19:42:50 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-09-27 19:42:50 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat - 2008-04-14 02:33:40 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll + 2008-05-09 10:55:00 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll - 2008-04-14 02:33:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll + 2008-05-09 10:55:00 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll - 2008-04-14 02:33:48 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll + 2008-05-09 10:55:00 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll - 2008-04-14 02:34:30 155,648 ----a-w C:\WINDOWS\system32\wscript.exe + 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe - 2008-04-14 02:33:50 90,112 ----a-w C:\WINDOWS\system32\wshext.dll + 2008-05-09 10:55:00 90,112 ----a-w C:\WINDOWS\system32\wshext.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216] "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760] "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control hc.exe" [2007-05-04 2629632] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\ No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104] Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Messenger\MSMSGS.EXE"= "C:\Program Files\eMule\eMule.exe"= "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"= "C:\Program Files\Autodesk\backburner\monitor.exe"= "C:\Program Files\Autodesk\backburner\manager.exe"= "C:\Program Files\Autodesk\backburner\server.exe"= "C:\Program Files\Autodesk\3dsMax8\VRLServer.exe"= "C:\TYPSoft FTP Server\ftpserv.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Microsoft Expression\Media 1.0\Media.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\WINDOWS\System32\FXSCLNT.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25845:TCP"= 25845:TCP:PORT_25845 "19857:TCP"= 19857:TCP:PORT_19857 "16773:TCP"= 16773:TCP:PORT_16773 "15758:TCP"= 15758:TCP:PORT_15758 "6548:TCP"= 6548:TCP:PORT_6548 "5716:TCP"= 5716:TCP:PORT_5716 "18141:TCP"= 18141:TCP:PORT_18141 "16172:TCP"= 16172:TCP:PORT_16172 "33762:TCP"= 33762:TCP:PORT_33762 "30680:TCP"= 30680:TCP:PORT_30680 "40560:TCP"= 40560:TCP:PORT_40560 "37024:TCP"= 37024:TCP:PORT_37024 "39312:TCP"= 39312:TCP:PORT_39312 "61223:TCP"= 61223:TCP:PORT_61223 "21336:TCP"= 21336:TCP:PORT_21336 "53457:TCP"= 53457:TCP:PORT_53457 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184] R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704] R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912] R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304] R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054] R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368] R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480] R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288] R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878] R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664] R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632] R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100] R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS dasbus.sys [2005-02-09 38656] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308] S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640] S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS dasscsi.sys [2005-02-09 90752] . Contenu du dossier 'Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 17:26:34 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt" . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Autres processus actifs ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\SCARDSVR.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\ACER\EMANAGER\ANBMSERV.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE C:\Program Files\NDAS\System dassvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\TYPSOFT FTP SERVER\FTPSERV.EXE C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE C:\PROGRAM FILES\ULTRAMON\ULTRAMON.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\ComboFix\pv.cfexe C:\Program Files\UltraMon\UltraMonTaskbar.exe . ************************************************************************** . Heure de fin: 2008-09-28 17:30:22 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-28 15:30:18 ComboFix2.txt 2008-09-27 20:06:22 Avant-CF: 15ÿ589ÿ965ÿ824 octets libres Après-CF: 15,484,026,880 octets libres 369 --- E O F --- 2008-09-27 20:22:14

Destrio5 · Answer

Refais avec ceci :


KillAll::

Folder::
C:\Documents and Settings\clement\Application Data\?ystem32

clément75 · Answer

ComboFix 08-09-27.03 - clement 2008-09-28 17:42:13.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1636 [GMT 2:00] Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 )))))))))))))))))))))))))))))))))))) . 2008-09-28 16:14 . 2008-09-28 16:14 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk 2008-09-28 11:49 . 2008-09-28 11:49 d-------- C:\ToolBar SD 2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd 2008-09-27 21:11 . 2008-09-27 21:11 d-------- C:\Program Files\CleanUp! 2008-09-27 20:59 . 2008-09-27 20:59 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-09-27 20:33 . 2008-09-27 20:33 d-------- C:\Program Files\Navilog1 2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-09-27 18:43 . 2008-09-27 18:43 d-------- C:\WINDOWS\ERUNT 2008-09-27 18:34 . 2008-09-25 04:31 d-------- C:\SDFix 2008-09-27 17:52 . 2008-09-27 17:52 d-------- C:\Program Files\Trend Micro 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\fr 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\bits 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\l2schemas 2008-09-27 14:02 . 2008-09-27 14:02 d-------- C:\WINDOWS\ServicePackFiles 2008-09-27 13:27 . 2008-09-27 13:27 d--hs---- C:\FOUND.005 2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico 2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico 2008-09-27 03:47 . 2008-09-27 03:47 d-------- C:\Documents and Settings\clement\Application Data\?ystem32 2008-09-26 23:35 . 2008-09-26 23:35 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-09-26 21:53 . 2008-09-26 21:53 d-------- C:\Program Files\Next Limit 2008-09-26 21:16 . 2008-09-26 21:16 d-------- C:\WINDOWS\system32\URTTEMP 2008-09-23 22:24 . 2008-09-23 22:24 d--hs---- C:\WINDOWS\ftpcache 2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-16 11:07 . 2008-09-16 11:07 d-------- C:\Documents and Settings\clement\Application Data\U3 2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db 2008-09-06 03:11 . 2008-09-06 03:11 d-------- C:\Program Files\Call of Duty 2008-09-06 02:59 . 2008-09-06 02:59 d-------- C:\Program Files\D-Tools 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\clement\Application Data\Azureus 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-30 23:08 . 2008-08-30 23:09 d-------- C:\Program Files\Azureus . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 15:45 22,528 ----a-w C:\WINDOWS\system32\drivers hcDriver.sys 2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp 2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr 2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe 2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT 2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot_2008-09-28_17.29.57.28 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-28 15:31:14 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-09-28 15:31:14 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-28 15:31:14 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-28 15:31:14 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216] "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760] "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control hc.exe" [2007-05-04 2629632] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\ No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104] Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Messenger\MSMSGS.EXE"= "C:\Program Files\eMule\eMule.exe"= "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"= "C:\Program Files\Autodesk\backburner\monitor.exe"= "C:\Program Files\Autodesk\backburner\manager.exe"= "C:\Program Files\Autodesk\backburner\server.exe"= "C:\Program Files\Autodesk\3dsMax8\VRLServer.exe"= "C:\TYPSoft FTP Server\ftpserv.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Microsoft Expression\Media 1.0\Media.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\WINDOWS\System32\FXSCLNT.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25845:TCP"= 25845:TCP:PORT_25845 "19857:TCP"= 19857:TCP:PORT_19857 "16773:TCP"= 16773:TCP:PORT_16773 "15758:TCP"= 15758:TCP:PORT_15758 "6548:TCP"= 6548:TCP:PORT_6548 "5716:TCP"= 5716:TCP:PORT_5716 "18141:TCP"= 18141:TCP:PORT_18141 "16172:TCP"= 16172:TCP:PORT_16172 "33762:TCP"= 33762:TCP:PORT_33762 "30680:TCP"= 30680:TCP:PORT_30680 "40560:TCP"= 40560:TCP:PORT_40560 "37024:TCP"= 37024:TCP:PORT_37024 "39312:TCP"= 39312:TCP:PORT_39312 "61223:TCP"= 61223:TCP:PORT_61223 "21336:TCP"= 21336:TCP:PORT_21336 "53457:TCP"= 53457:TCP:PORT_53457 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184] R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704] R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912] R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304] R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054] R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368] R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480] R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288] R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878] R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664] R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632] R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100] R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS dasbus.sys [2005-02-09 38656] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308] S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640] S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS dasscsi.sys [2005-02-09 90752] . Contenu du dossier 'Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 17:45:35 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt" . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Autres processus actifs ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\SCARDSVR.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\ACER\EMANAGER\ANBMSERV.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE C:\PROGRAM FILES\NDAS\SYSTEM\NDASSVC.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\TYPSOFT FTP SERVER\FTPSERV.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\ComboFix\pv.cfexe . ************************************************************************** . Heure de fin: 2008-09-28 17:48:53 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-28 15:48:48 ComboFix3.txt 2008-09-27 20:06:22 ComboFix2.txt 2008-09-28 15:30:24 Avant-CF: 15ÿ392ÿ768ÿ000 octets libres Après-CF: 15,380,938,752 octets libres 272 --- E O F --- 2008-09-27 20:22:14

Destrio5 · Answer

Bof, essaie ceci :


KillAll::

Folder::
C:\Documents and Settings\clement\Application Data\system32

clément75 · Answer

ComboFix 08-09-27.03 - clement 2008-09-28 17:57:47.4 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1639 [GMT 2:00] Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 )))))))))))))))))))))))))))))))))))) . 2008-09-28 16:14 . 2008-09-28 16:14 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk 2008-09-28 11:49 . 2008-09-28 11:49 d-------- C:\ToolBar SD 2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd 2008-09-27 21:11 . 2008-09-27 21:11 d-------- C:\Program Files\CleanUp! 2008-09-27 20:59 . 2008-09-27 20:59 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM 2008-09-27 20:33 . 2008-09-27 20:33 d-------- C:\Program Files\Navilog1 2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-09-27 18:43 . 2008-09-27 18:43 d-------- C:\WINDOWS\ERUNT 2008-09-27 18:34 . 2008-09-25 04:31 d-------- C:\SDFix 2008-09-27 17:52 . 2008-09-27 17:52 d-------- C:\Program Files\Trend Micro 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\fr 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\system32\bits 2008-09-27 14:04 . 2008-09-27 14:04 d-------- C:\WINDOWS\l2schemas 2008-09-27 14:02 . 2008-09-27 14:02 d-------- C:\WINDOWS\ServicePackFiles 2008-09-27 13:27 . 2008-09-27 13:27 d--hs---- C:\FOUND.005 2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico 2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico 2008-09-27 03:47 . 2008-09-27 03:47 d-------- C:\Documents and Settings\clement\Application Data\?ystem32 2008-09-26 23:35 . 2008-09-26 23:35 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-09-26 21:53 . 2008-09-26 21:53 d-------- C:\Program Files\Next Limit 2008-09-26 21:16 . 2008-09-26 21:16 d-------- C:\WINDOWS\system32\URTTEMP 2008-09-23 22:24 . 2008-09-23 22:24 d--hs---- C:\WINDOWS\ftpcache 2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-16 11:07 . 2008-09-16 11:07 d-------- C:\Documents and Settings\clement\Application Data\U3 2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db 2008-09-06 03:11 . 2008-09-06 03:11 d-------- C:\Program Files\Call of Duty 2008-09-06 02:59 . 2008-09-06 02:59 d-------- C:\Program Files\D-Tools 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\clement\Application Data\Azureus 2008-08-30 23:09 . 2008-08-30 23:09 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-30 23:08 . 2008-08-30 23:09 d-------- C:\Program Files\Azureus . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 16:01 22,528 ----a-w C:\WINDOWS\system32\drivers hcDriver.sys 2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp 2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr 2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe 2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT 2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot_2008-09-28_17.29.57.28 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-28 15:31:14 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-09-28 15:31:14 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-28 15:31:14 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-28 15:31:14 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216] "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760] "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608] "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control hc.exe" [2007-05-04 2629632] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\ No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104] Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Messenger\MSMSGS.EXE"= "C:\Program Files\eMule\eMule.exe"= "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"= "C:\Program Files\Autodesk\backburner\monitor.exe"= "C:\Program Files\Autodesk\backburner\manager.exe"= "C:\Program Files\Autodesk\backburner\server.exe"= "C:\Program Files\Autodesk\3dsMax8\VRLServer.exe"= "C:\TYPSoft FTP Server\ftpserv.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe"= "C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.EXE"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\Microsoft Expression\Media 1.0\Media.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\WINDOWS\System32\FXSCLNT.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25845:TCP"= 25845:TCP:PORT_25845 "19857:TCP"= 19857:TCP:PORT_19857 "16773:TCP"= 16773:TCP:PORT_16773 "15758:TCP"= 15758:TCP:PORT_15758 "6548:TCP"= 6548:TCP:PORT_6548 "5716:TCP"= 5716:TCP:PORT_5716 "18141:TCP"= 18141:TCP:PORT_18141 "16172:TCP"= 16172:TCP:PORT_16172 "33762:TCP"= 33762:TCP:PORT_33762 "30680:TCP"= 30680:TCP:PORT_30680 "40560:TCP"= 40560:TCP:PORT_40560 "37024:TCP"= 37024:TCP:PORT_37024 "39312:TCP"= 39312:TCP:PORT_39312 "61223:TCP"= 61223:TCP:PORT_61223 "21336:TCP"= 21336:TCP:PORT_21336 "53457:TCP"= 53457:TCP:PORT_53457 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184] R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704] R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912] R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304] R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054] R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368] R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480] R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288] R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878] R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664] R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632] R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100] R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS dasbus.sys [2005-02-09 38656] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308] S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640] S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS dasscsi.sys [2005-02-09 90752] . Contenu du dossier 'Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 18:01:09 Windows 5.1.2600 Service Pack 3 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt" . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Autres processus actifs ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\WINDOWS\SYSTEM32\SCARDSVR.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\Acer\eManager\anbmServ.exe C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE C:\PROGRAM FILES\NDAS\SYSTEM\NDASSVC.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\COMBOFIX\PV.CFEXE . ************************************************************************** . Heure de fin: 2008-09-28 18:04:27 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-28 16:04:24 ComboFix4.txt 2008-09-27 20:06:22 ComboFix3.txt 2008-09-28 15:30:24 ComboFix2.txt 2008-09-28 15:48:56 Avant-CF: 15ÿ305ÿ310ÿ208 octets libres Après-CF: 15,291,482,112 octets libres 272 --- E O F --- 2008-09-27 20:22:14

Destrio5 · Answer

Comprends pas...

As-tu déjà fait un scan avec Spybot (Je ne m'en souviens plus) ?

clément75 · Answer

ou j ai deja fait
Le rapport indique des trucs anormaux?
Depuis les dernieres manip, je n ai pas vu apparaitre de pub par outerinfo et pas de message d antivir au demarrage.
Je ne sais pas si c est bon signe et definitif : 
veux tu que je redemarre pour voir si Antivir m indique le virus?

Destrio5 · Answer

Oui.

clément75 · Answer

J ai redemarrer et PAS DE MESSAGE D ANTIVIR ....
C 'est tres bon signe non, peut etre meme un probleme resolu?

Destrio5 · Answer

Poste un nouveau rapport HijackThis.

clément75 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:52, on 28/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\NDAS\System
dassvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32undll32.exe
C:\acer\epm\epm-dm.exe
C:\TYPSOF~1\ftpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control
hc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control
hc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
dassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl

Destrio5 · Answer

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis

clément75 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:58, on 28/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\NDAS\System
dassvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32undll32.exe
C:\acer\epm\epm-dm.exe
C:\TYPSOF~1\ftpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control
hc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control
hc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System
dassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl

Destrio5 · Answer

Pour finir :

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Télécharge Tools Cleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Clique sur Recherche et laisse le scan agir.
Clique sur Suppression pour finaliser. 
Tu peux, si tu le souhaites, te servir des Options facultatives.
Clique sur Quitter pour obtenir le rapport. 
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

clément75 · Answer

J ai fait toutes les etapes pour finaliser
Peux-tu me dire si je peux enfin dire "ouf"?
En tout cas, pas de nouvelles des pubs et du virus.


[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SdFix.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Msnfix.zip: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\ComboFix.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\ToolBarSD.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\hijackthis.log: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\fixnavi.txt: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\cleannavi.txt: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\TB.txt: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SDFIX: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\MsnFix: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SDFix\SDFIX: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\MSNFix\MsnFix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\hijackthis\HijackThis.exe: trouvé !
C:\hijackthis\hijackthis.log: trouvé !
C:\hijackthis\ancien\hijackthis.log: trouvé !


Corbeille vidée!
Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression: 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SdFix.exe: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Msnfix.zip: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.exe: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\clement\Bureau\recherche virus$\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\hijackthis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\clement\Bureau\recherche virus$\hijackthis.log: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\fixnavi.txt: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\cleannavi.txt: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\TB.txt: supprimé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\hijackthis\hijackthis.log: supprimé !
C:\hijackthis\ancien\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SDFIX: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\MsnFix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Destrio5 · Answer

Voilà, c'est fini.

Supprime ComboFix et Tools Cleaner s'ils sont encore présents.

clément75 · Answer

Ok, je vais faire ca 

Je ne sais pas trop quoi dire si ce n'est merci infiniment pour ta patience et ta generosité
merci merci et merci, franchement sans toi, j etais parti pour un reformatage et une semaine de perdue

MERCI

Destrio5 · Answer

De rien et je te souhaite une bonne soirée ;)

clément75 · Answer

De même <:)

PB virus Dldr.purityScan.FK et pub outerinfo

61 réponses

Discussions similaires

Newsletters