Sujet Précédent Sujet Suivant

PB virus Dldr.purityScan.FK et pub outerinfo

Résolu
Clément 75 -  
 clément75 -
Bonjour,

Apres avoir nettoyé mon ordi suite à des problèmes de virus (scan avec malwarebytes et Antivir), tout semblait propre mais a chaque redemarrage, Antivir me detecte un certain TR/Dldr.PurityScan.FK comme trojan.
De plus, il arive qu une fenetre internet s'ouvre toute seule avec une pub Outerinfo par exemple

Si quelqu un de fort aimable pouvait me guider dans la demarche à suivre, je lui serait grandement reconnaissant.

Je suis sur windows XP SP3.

Merci par avance,

Clément
A voir également:

61 réponses

Précédent
Réponse 41 / 61
clément75
 
Il a rien trouvé
Par contre, ca m empeche pas de recevoir des pubs outerinfo!!

KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 28, 2008 5:00:23 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 28/09/2008
Enregistrements dans la base antivirus Kaspersky : 1133213

Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Zones critiques
C:\WINDOWS
C:\DOCUME~1\clement\LOCALS~1\Temp\

Statistiques de l'analyse
Total d'objets analysés 27379
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:18:04

Nom de l'objet infecté Nom du virus Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\sptddrv1.sys L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\eRLog.ini L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\EventCache\{5A83631A-2435-4F6D-84FE-CE3385931967}.bin L'objet est verrouillé ignoré

C:\DOCUME~1\clement\LOCALS~1\Temp\WCESLog.log L'objet est verrouillé ignoré

C:\DOCUME~1\clement\LOCALS~1\Temp\hpodvd09.log L'objet est verrouillé ignoré

Analyse terminée.
0
Réponse 42 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
/!\ Seul clement75 peut suivre cette procédure /!\

1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

KillAll::

File::
C:\Documents and Settings\clement\Application Data\?ystem32\d?xplore.exe
C:\WINDOWS\system32\smbqbn.dll

Driver::
Boonty Games

Folder::
C:\Program Files\Fichiers communs\BOONTY Shared

Registry::
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Qwifgf"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=-
"MSPY2002"=-
"PHIME2002A"=-
"PHIME2002ASync"=-
"SunJavaUpdateSched"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"HP Software Update"=-
"SoundMan"=-
"AlcWzrd"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}]

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes

2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
0
Réponse 43 / 61
clément75
 
ComboFix 08-09-27.03 - clement 2008-09-28 17:21:25.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1603 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\smbqbn.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\?racle\

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.

2008-09-28 16:14 . 2008-09-28 16:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk
2008-09-28 11:49 . 2008-09-28 11:49 <REP> d-------- C:\ToolBar SD
2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd
2008-09-27 21:11 . 2008-09-27 21:11 <REP> d-------- C:\Program Files\CleanUp!
2008-09-27 20:59 . 2008-09-27 20:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-09-27 20:33 . 2008-09-27 20:33 <REP> d-------- C:\Program Files\Navilog1
2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-09-27 18:43 . 2008-09-27 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-27 18:34 . 2008-09-25 04:31 <REP> d-------- C:\SDFix
2008-09-27 17:52 . 2008-09-27 17:52 <REP> d-------- C:\Program Files\Trend Micro
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-27 14:02 . 2008-09-27 14:02 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-27 13:27 . 2008-09-27 13:27 <REP> d--hs---- C:\FOUND.005
2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-09-27 03:47 . 2008-09-27 03:47 <REP> d-------- C:\Documents and Settings\clement\Application Data\?ystem32
2008-09-26 23:35 . 2008-09-26 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-26 21:53 . 2008-09-26 21:53 <REP> d-------- C:\Program Files\Next Limit
2008-09-26 21:16 . 2008-09-26 21:16 <REP> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-23 22:24 . 2008-09-23 22:24 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-16 11:07 . 2008-09-16 11:07 <REP> d-------- C:\Documents and Settings\clement\Application Data\U3
2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-09-06 03:11 . 2008-09-06 03:11 <REP> d-------- C:\Program Files\Call of Duty
2008-09-06 02:59 . 2008-09-06 02:59 <REP> d-------- C:\Program Files\D-Tools
2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\clement\Application Data\Azureus
2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-30 23:08 . 2008-08-30 23:09 <REP> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 15:08 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-27_22.06.03.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-27 11:46:18 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-27 20:21:46 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-27 11:46:20 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-27 20:21:48 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-27 20:21:56 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_64693531\CustomMarshalers.dll
+ 2008-09-27 20:25:24 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b6db5122\CustomMarshalers.dll
+ 2008-09-27 20:22:14 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_98dffab1\mscorlib.dll
+ 2008-09-27 20:25:42 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b756ea50\mscorlib.dll
+ 2008-09-27 20:25:36 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_75289693\System.Design.dll
+ 2008-09-27 20:22:10 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_eede6db0\System.Design.dll
+ 2008-09-27 20:21:58 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_376d8775\System.Drawing.Design.dll
+ 2008-09-27 20:25:26 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6fcca027\System.Drawing.Design.dll
+ 2008-09-27 20:22:12 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_452814c5\System.Drawing.dll
+ 2008-09-27 20:25:38 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_953c4053\System.Drawing.dll
+ 2008-09-27 20:25:30 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3af9c93d\System.Windows.Forms.dll
+ 2008-09-27 20:22:02 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f028504c\System.Windows.Forms.dll
+ 2008-09-27 20:22:06 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0689be4a\System.Xml.dll
+ 2008-09-27 20:25:34 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d0bf1e4e\System.Xml.dll
+ 2008-09-27 20:25:24 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2640bec4\System.dll
+ 2008-09-27 20:21:56 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_29ee6ff8\System.dll
+ 2008-09-27 20:25:08 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_0267cde2\vjscor.dll
+ 2008-09-27 20:25:56 18,432 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_9b85792c\vjscor.dll
+ 2008-09-27 20:25:44 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_2615ac51\VJSharpCodeProvider.dll
+ 2008-09-27 20:22:16 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_4b382739\VJSharpCodeProvider.dll
+ 2008-09-27 20:22:26 4,468,736 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_0c347aa1\vjslib.dll
+ 2008-09-27 20:25:54 12,165,120 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_48d677d9\vjslib.dll
+ 2008-09-27 20:22:18 32,768 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_26dfb067\vjslibcw.dll
+ 2008-09-27 20:25:48 16,896 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_0918ce1a\VJSWfcBrowserStubLib.dll
+ 2008-09-27 20:22:18 10,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_78809710\VJSWfcBrowserStubLib.dll
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 19:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 19:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 18:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 17:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 18:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 18:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 18:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 18:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 18:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 18:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 18:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2432\_fusion.dll
- 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 19:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 12:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 19:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-04-14 02:34:00 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:24 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:24 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:55:00 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:55:00 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:55:00 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:55:00 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:55:00 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 02:33:28 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-09-27 19:42:50 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-27 19:42:50 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-09-27 19:42:50 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-27 19:42:50 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2008-04-14 02:33:40 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2008-05-09 10:55:00 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2008-04-14 02:33:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2008-05-09 10:55:00 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2008-04-14 02:33:48 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-05-09 10:55:00 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-14 02:34:30 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2008-04-14 02:33:50 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:55:00 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760]
"FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
"C:\\TYPSoft FTP Server\\ftpserv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.EXE"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25845:TCP"= 25845:TCP:PORT_25845
"19857:TCP"= 19857:TCP:PORT_19857
"16773:TCP"= 16773:TCP:PORT_16773
"15758:TCP"= 15758:TCP:PORT_15758
"6548:TCP"= 6548:TCP:PORT_6548
"5716:TCP"= 5716:TCP:PORT_5716
"18141:TCP"= 18141:TCP:PORT_18141
"16172:TCP"= 16172:TCP:PORT_16172
"33762:TCP"= 33762:TCP:PORT_33762
"30680:TCP"= 30680:TCP:PORT_30680
"40560:TCP"= 40560:TCP:PORT_40560
"37024:TCP"= 37024:TCP:PORT_37024
"39312:TCP"= 39312:TCP:PORT_39312
"61223:TCP"= 61223:TCP:PORT_61223
"21336:TCP"= 21336:TCP:PORT_21336
"53457:TCP"= 53457:TCP:PORT_53457
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184]
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912]
R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878]
R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100]
R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]
S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 17:26:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\TYPSOFT FTP SERVER\FTPSERV.EXE
C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
C:\PROGRAM FILES\ULTRAMON\ULTRAMON.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\ComboFix\pv.cfexe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Heure de fin: 2008-09-28 17:30:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-28 15:30:18
ComboFix2.txt 2008-09-27 20:06:22

Avant-CF: 15ÿ589ÿ965ÿ824 octets libres
Après-CF: 15,484,026,880 octets libres

369 --- E O F --- 2008-09-27 20:22:14
0
Réponse 44 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Refais avec ceci :

KillAll::

Folder::
C:\Documents and Settings\clement\Application Data\?ystem32
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 61
clément75
 
ComboFix 08-09-27.03 - clement 2008-09-28 17:42:13.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1636 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.

2008-09-28 16:14 . 2008-09-28 16:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk
2008-09-28 11:49 . 2008-09-28 11:49 <REP> d-------- C:\ToolBar SD
2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd
2008-09-27 21:11 . 2008-09-27 21:11 <REP> d-------- C:\Program Files\CleanUp!
2008-09-27 20:59 . 2008-09-27 20:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-09-27 20:33 . 2008-09-27 20:33 <REP> d-------- C:\Program Files\Navilog1
2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-09-27 18:43 . 2008-09-27 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-27 18:34 . 2008-09-25 04:31 <REP> d-------- C:\SDFix
2008-09-27 17:52 . 2008-09-27 17:52 <REP> d-------- C:\Program Files\Trend Micro
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-27 14:02 . 2008-09-27 14:02 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-27 13:27 . 2008-09-27 13:27 <REP> d--hs---- C:\FOUND.005
2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-09-27 03:47 . 2008-09-27 03:47 <REP> d-------- C:\Documents and Settings\clement\Application Data\?ystem32
2008-09-26 23:35 . 2008-09-26 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-26 21:53 . 2008-09-26 21:53 <REP> d-------- C:\Program Files\Next Limit
2008-09-26 21:16 . 2008-09-26 21:16 <REP> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-23 22:24 . 2008-09-23 22:24 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-16 11:07 . 2008-09-16 11:07 <REP> d-------- C:\Documents and Settings\clement\Application Data\U3
2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-09-06 03:11 . 2008-09-06 03:11 <REP> d-------- C:\Program Files\Call of Duty
2008-09-06 02:59 . 2008-09-06 02:59 <REP> d-------- C:\Program Files\D-Tools
2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\clement\Application Data\Azureus
2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-30 23:08 . 2008-08-30 23:09 <REP> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 15:45 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot_2008-09-28_17.29.57.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-28 15:31:14 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-28 15:31:14 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-28 15:31:14 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-28 15:31:14 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760]
"FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
"C:\\TYPSoft FTP Server\\ftpserv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.EXE"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25845:TCP"= 25845:TCP:PORT_25845
"19857:TCP"= 19857:TCP:PORT_19857
"16773:TCP"= 16773:TCP:PORT_16773
"15758:TCP"= 15758:TCP:PORT_15758
"6548:TCP"= 6548:TCP:PORT_6548
"5716:TCP"= 5716:TCP:PORT_5716
"18141:TCP"= 18141:TCP:PORT_18141
"16172:TCP"= 16172:TCP:PORT_16172
"33762:TCP"= 33762:TCP:PORT_33762
"30680:TCP"= 30680:TCP:PORT_30680
"40560:TCP"= 40560:TCP:PORT_40560
"37024:TCP"= 37024:TCP:PORT_37024
"39312:TCP"= 39312:TCP:PORT_39312
"61223:TCP"= 61223:TCP:PORT_61223
"21336:TCP"= 21336:TCP:PORT_21336
"53457:TCP"= 53457:TCP:PORT_53457
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184]
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912]
R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878]
R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100]
R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]
S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 17:45:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE
C:\PROGRAM FILES\NDAS\SYSTEM\NDASSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\TYPSOFT FTP SERVER\FTPSERV.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-28 17:48:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-28 15:48:48
ComboFix3.txt 2008-09-27 20:06:22
ComboFix2.txt 2008-09-28 15:30:24

Avant-CF: 15ÿ392ÿ768ÿ000 octets libres
Après-CF: 15,380,938,752 octets libres

272 --- E O F --- 2008-09-27 20:22:14
0
Réponse 46 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Bof, essaie ceci :

KillAll::

Folder::
C:\Documents and Settings\clement\Application Data\system32
0
Réponse 47 / 61
clément75
 
ComboFix 08-09-27.03 - clement 2008-09-28 17:57:47.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1639 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.

2008-09-28 16:14 . 2008-09-28 16:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk
2008-09-28 11:49 . 2008-09-28 11:49 <REP> d-------- C:\ToolBar SD
2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd
2008-09-27 21:11 . 2008-09-27 21:11 <REP> d-------- C:\Program Files\CleanUp!
2008-09-27 20:59 . 2008-09-27 20:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-09-27 20:33 . 2008-09-27 20:33 <REP> d-------- C:\Program Files\Navilog1
2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-09-27 18:43 . 2008-09-27 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-27 18:34 . 2008-09-25 04:31 <REP> d-------- C:\SDFix
2008-09-27 17:52 . 2008-09-27 17:52 <REP> d-------- C:\Program Files\Trend Micro
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-27 14:02 . 2008-09-27 14:02 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-27 13:27 . 2008-09-27 13:27 <REP> d--hs---- C:\FOUND.005
2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-09-27 03:47 . 2008-09-27 03:47 <REP> d-------- C:\Documents and Settings\clement\Application Data\?ystem32
2008-09-26 23:35 . 2008-09-26 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-26 21:53 . 2008-09-26 21:53 <REP> d-------- C:\Program Files\Next Limit
2008-09-26 21:16 . 2008-09-26 21:16 <REP> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-23 22:24 . 2008-09-23 22:24 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-16 11:07 . 2008-09-16 11:07 <REP> d-------- C:\Documents and Settings\clement\Application Data\U3
2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
2008-09-06 03:11 . 2008-09-06 03:11 <REP> d-------- C:\Program Files\Call of Duty
2008-09-06 02:59 . 2008-09-06 02:59 <REP> d-------- C:\Program Files\D-Tools
2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\clement\Application Data\Azureus
2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-30 23:08 . 2008-08-30 23:09 <REP> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 16:01 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot_2008-09-28_17.29.57.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-28 15:31:14 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-28 15:31:14 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-28 15:31:14 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-28 15:31:14 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760]
"FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
"C:\\TYPSoft FTP Server\\ftpserv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.EXE"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25845:TCP"= 25845:TCP:PORT_25845
"19857:TCP"= 19857:TCP:PORT_19857
"16773:TCP"= 16773:TCP:PORT_16773
"15758:TCP"= 15758:TCP:PORT_15758
"6548:TCP"= 6548:TCP:PORT_6548
"5716:TCP"= 5716:TCP:PORT_5716
"18141:TCP"= 18141:TCP:PORT_18141
"16172:TCP"= 16172:TCP:PORT_16172
"33762:TCP"= 33762:TCP:PORT_33762
"30680:TCP"= 30680:TCP:PORT_30680
"40560:TCP"= 40560:TCP:PORT_40560
"37024:TCP"= 37024:TCP:PORT_37024
"39312:TCP"= 39312:TCP:PORT_39312
"61223:TCP"= 61223:TCP:PORT_61223
"21336:TCP"= 21336:TCP:PORT_21336
"53457:TCP"= 53457:TCP:PORT_53457
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184]
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912]
R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878]
R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100]
R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]
S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:01:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\Acer\eManager\anbmServ.exe
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE
C:\PROGRAM FILES\NDAS\SYSTEM\NDASSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\COMBOFIX\PV.CFEXE
.
**************************************************************************
.
Heure de fin: 2008-09-28 18:04:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-28 16:04:24
ComboFix4.txt 2008-09-27 20:06:22
ComboFix3.txt 2008-09-28 15:30:24
ComboFix2.txt 2008-09-28 15:48:56

Avant-CF: 15ÿ305ÿ310ÿ208 octets libres
Après-CF: 15,291,482,112 octets libres

272 --- E O F --- 2008-09-27 20:22:14
0
Réponse 48 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Comprends pas...

As-tu déjà fait un scan avec Spybot (Je ne m'en souviens plus) ?
0
Réponse 49 / 61
clément75
 
ou j ai deja fait
Le rapport indique des trucs anormaux?
Depuis les dernieres manip, je n ai pas vu apparaitre de pub par outerinfo et pas de message d antivir au demarrage.
Je ne sais pas si c est bon signe et definitif :
veux tu que je redemarre pour voir si Antivir m indique le virus?
0
Réponse 50 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Oui.
0
Réponse 51 / 61
clément75
 
J ai redemarrer et PAS DE MESSAGE D ANTIVIR ....
C 'est tres bon signe non, peut etre meme un probleme resolu?
0
Réponse 52 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Poste un nouveau rapport HijackThis.
0
Réponse 53 / 61
clément75
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:52, on 28/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\TYPSOF~1\ftpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl
0
Réponse 54 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis
0
Réponse 55 / 61
clément75
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:58, on 28/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\TYPSOF~1\ftpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl
0
Réponse 56 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Pour finir :

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Télécharge Tools Cleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Clique sur Recherche et laisse le scan agir.
Clique sur Suppression pour finaliser.
Tu peux, si tu le souhaites, te servir des Options facultatives.
Clique sur Quitter pour obtenir le rapport.
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php
0
Réponse 57 / 61
clément75
 
J ai fait toutes les etapes pour finaliser
Peux-tu me dire si je peux enfin dire "ouf"?
En tout cas, pas de nouvelles des pubs et du virus.

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SdFix.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Msnfix.zip: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\ComboFix.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\ToolBarSD.exe: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\hijackthis.log: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\fixnavi.txt: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\cleannavi.txt: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\TB.txt: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SDFIX: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\MsnFix: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SDFix\SDFIX: trouvé !
C:\Documents and Settings\clement\Bureau\recherche virus$\MSNFix\MsnFix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\hijackthis\HijackThis.exe: trouvé !
C:\hijackthis\hijackthis.log: trouvé !
C:\hijackthis\ancien\hijackthis.log: trouvé !

Corbeille vidée!
Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SdFix.exe: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Msnfix.zip: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.exe: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\clement\Bureau\recherche virus$\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\hijackthis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\clement\Bureau\recherche virus$\hijackthis.log: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\fixnavi.txt: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\cleannavi.txt: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\TB.txt: supprimé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\hijackthis\hijackthis.log: supprimé !
C:\hijackthis\ancien\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\SDFIX: supprimé !
C:\Documents and Settings\clement\Bureau\recherche virus$\MsnFix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Réponse 58 / 61
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Voilà, c'est fini.

Supprime ComboFix et Tools Cleaner s'ils sont encore présents.
0
Réponse 59 / 61
clément75
 
Ok, je vais faire ca

Je ne sais pas trop quoi dire si ce n'est merci infiniment pour ta patience et ta generosité
merci merci et merci, franchement sans toi, j etais parti pour un reformatage et une semaine de perdue

MERCI
0
Réponse 60 / 61
clément75
 
De même <:)
0

Discussions similaires

Ouvrir un fichier .pub sans Publisher
baissaoui -
baissaoui -

0 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Ouvrir document Publisher sans Publisher
Curtis Hayes -
Curtis Hayes -

7 réponses
lire un fichier .pub
xycoco -
Valou -

38 réponses
TokyVideo, est-ce un site fiable ? Vos avis
timinie -
Elvis -

5 réponses