PB virus Dldr.purityScan.FK et pub outerinfo - Page 3

Résolu
Précédent
  • 1
  • 2
  • 3
  • 4
  1. clément75
     
    Il a rien trouvé
    Par contre, ca m empeche pas de recevoir des pubs outerinfo!!

    KASPERSKY ON-LINE SCANNER REPORT
    Sunday, September 28, 2008 5:00:23 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 28/09/2008
    Enregistrements dans la base antivirus Kaspersky : 1133213

    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai

    Cible de l'analyse Zones critiques
    C:\WINDOWS
    C:\DOCUME~1\clement\LOCALS~1\Temp\

    Statistiques de l'analyse
    Total d'objets analysés 27379
    Nombre de virus trouvés 0
    Nombre d'objets infectés 0 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 00:18:04

    Nom de l'objet infecté Nom du virus Dernière action
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\drivers\sptddrv1.sys L'objet est verrouillé ignoré

    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

    C:\WINDOWS\system32\eRLog.ini L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\EventCache\{5A83631A-2435-4F6D-84FE-CE3385931967}.bin L'objet est verrouillé ignoré

    C:\DOCUME~1\clement\LOCALS~1\Temp\WCESLog.log L'objet est verrouillé ignoré

    C:\DOCUME~1\clement\LOCALS~1\Temp\hpodvd09.log L'objet est verrouillé ignoré

    Analyse terminée.
    0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    /!\ Seul clement75 peut suivre cette procédure /!\

    1/

    ---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

    ---> Copie le texte ci-dessous par sélection puis Ctrl+C :

    KillAll::

    File::
    C:\Documents and Settings\clement\Application Data\?ystem32\d?xplore.exe
    C:\WINDOWS\system32\smbqbn.dll

    Driver::
    Boonty Games

    Folder::
    C:\Program Files\Fichiers communs\BOONTY Shared

    Registry::
    [-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Qwifgf"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=-
    "MSPY2002"=-
    "PHIME2002A"=-
    "PHIME2002ASync"=-
    "SunJavaUpdateSched"=-
    "ISUSPM Startup"=-
    "ISUSScheduler"=-
    "QuickTime Task"=-
    "HP Software Update"=-
    "SoundMan"=-
    "AlcWzrd"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}]

    ---> Colle la sélection dans le bloc-notes

    ---> Enregistre ce fichier sur le bureau (Impératif)

    ---> Nom du fichier : CFScript
    ---> Type du fichier : tous les fichiers
    ---> Clique sur Enregistrer
    ---> Quitte le bloc-notes

    2/

    ---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
    http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

    [*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

    [*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.

    [*] Une fois le scan achevé, un rapport va s'afficher : poste-le

    [*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
    0
  3. clément75
     
    ComboFix 08-09-27.03 - clement 2008-09-28 17:21:25.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1603 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\smbqbn.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\WINDOWS\system32\racle~1
    C:\WINDOWS\system32\racle~1\?racle\

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-28 16:14 . 2008-09-28 16:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk
    2008-09-28 11:49 . 2008-09-28 11:49 <REP> d-------- C:\ToolBar SD
    2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd
    2008-09-27 21:11 . 2008-09-27 21:11 <REP> d-------- C:\Program Files\CleanUp!
    2008-09-27 20:59 . 2008-09-27 20:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2008-09-27 20:33 . 2008-09-27 20:33 <REP> d-------- C:\Program Files\Navilog1
    2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-27 18:43 . 2008-09-27 18:43 <REP> d-------- C:\WINDOWS\ERUNT
    2008-09-27 18:34 . 2008-09-25 04:31 <REP> d-------- C:\SDFix
    2008-09-27 17:52 . 2008-09-27 17:52 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-27 14:02 . 2008-09-27 14:02 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-27 13:27 . 2008-09-27 13:27 <REP> d--hs---- C:\FOUND.005
    2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-09-27 03:47 . 2008-09-27 03:47 <REP> d-------- C:\Documents and Settings\clement\Application Data\?ystem32
    2008-09-26 23:35 . 2008-09-26 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-09-26 21:53 . 2008-09-26 21:53 <REP> d-------- C:\Program Files\Next Limit
    2008-09-26 21:16 . 2008-09-26 21:16 <REP> d-------- C:\WINDOWS\system32\URTTEMP
    2008-09-23 22:24 . 2008-09-23 22:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-16 11:07 . 2008-09-16 11:07 <REP> d-------- C:\Documents and Settings\clement\Application Data\U3
    2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
    2008-09-06 03:11 . 2008-09-06 03:11 <REP> d-------- C:\Program Files\Call of Duty
    2008-09-06 02:59 . 2008-09-06 02:59 <REP> d-------- C:\Program Files\D-Tools
    2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\clement\Application Data\Azureus
    2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-30 23:08 . 2008-08-30 23:09 <REP> d-------- C:\Program Files\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-28 15:08 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
    2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp
    2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
    2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-27_22.06.03.92 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-27 11:46:18 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-09-27 20:21:46 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2008-09-27 11:46:20 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2008-09-27 20:21:48 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2008-09-27 20:21:56 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_64693531\CustomMarshalers.dll
    + 2008-09-27 20:25:24 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b6db5122\CustomMarshalers.dll
    + 2008-09-27 20:22:14 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_98dffab1\mscorlib.dll
    + 2008-09-27 20:25:42 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b756ea50\mscorlib.dll
    + 2008-09-27 20:25:36 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_75289693\System.Design.dll
    + 2008-09-27 20:22:10 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_eede6db0\System.Design.dll
    + 2008-09-27 20:21:58 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_376d8775\System.Drawing.Design.dll
    + 2008-09-27 20:25:26 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6fcca027\System.Drawing.Design.dll
    + 2008-09-27 20:22:12 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_452814c5\System.Drawing.dll
    + 2008-09-27 20:25:38 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_953c4053\System.Drawing.dll
    + 2008-09-27 20:25:30 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3af9c93d\System.Windows.Forms.dll
    + 2008-09-27 20:22:02 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f028504c\System.Windows.Forms.dll
    + 2008-09-27 20:22:06 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0689be4a\System.Xml.dll
    + 2008-09-27 20:25:34 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d0bf1e4e\System.Xml.dll
    + 2008-09-27 20:25:24 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2640bec4\System.dll
    + 2008-09-27 20:21:56 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_29ee6ff8\System.dll
    + 2008-09-27 20:25:08 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_0267cde2\vjscor.dll
    + 2008-09-27 20:25:56 18,432 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_9b85792c\vjscor.dll
    + 2008-09-27 20:25:44 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_2615ac51\VJSharpCodeProvider.dll
    + 2008-09-27 20:22:16 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_4b382739\VJSharpCodeProvider.dll
    + 2008-09-27 20:22:26 4,468,736 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_0c347aa1\vjslib.dll
    + 2008-09-27 20:25:54 12,165,120 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_48d677d9\vjslib.dll
    + 2008-09-27 20:22:18 32,768 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_26dfb067\vjslibcw.dll
    + 2008-09-27 20:25:48 16,896 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_0918ce1a\VJSWfcBrowserStubLib.dll
    + 2008-09-27 20:22:18 10,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_78809710\VJSWfcBrowserStubLib.dll
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2007-04-13 19:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2007-04-13 19:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2007-04-13 18:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2003-02-20 17:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2007-04-13 18:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2007-04-13 18:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2007-04-13 18:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2007-04-13 18:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2007-04-13 18:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2007-04-13 18:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2007-04-13 18:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    + 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    + 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2432\_fusion.dll
    - 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2007-04-13 19:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2004-07-15 12:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2007-04-13 19:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2008-04-14 02:34:00 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
    + 2008-05-07 09:07:24 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    + 2008-05-07 09:07:24 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
    + 2008-05-09 10:55:00 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2008-05-09 10:55:00 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
    + 2008-05-09 10:55:00 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
    + 2008-05-09 10:55:00 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2008-05-08 11:24:44 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
    + 2008-05-09 10:55:00 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
    - 2008-04-14 02:33:28 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-09-27 19:42:50 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-09-27 19:42:50 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-09-27 19:42:50 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-09-27 19:42:50 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-04-14 02:33:40 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    + 2008-05-09 10:55:00 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    - 2008-04-14 02:33:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    + 2008-05-09 10:55:00 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    - 2008-04-14 02:33:48 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2008-05-09 10:55:00 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    - 2008-04-14 02:34:30 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    + 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    - 2008-04-14 02:33:50 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    + 2008-05-09 10:55:00 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216]
    "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760]
    "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
    No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104]
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
    "C:\\TYPSoft FTP Server\\ftpserv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
    "C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.EXE"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\WINDOWS\\System32\\FXSCLNT.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25845:TCP"= 25845:TCP:PORT_25845
    "19857:TCP"= 19857:TCP:PORT_19857
    "16773:TCP"= 16773:TCP:PORT_16773
    "15758:TCP"= 15758:TCP:PORT_15758
    "6548:TCP"= 6548:TCP:PORT_6548
    "5716:TCP"= 5716:TCP:PORT_5716
    "18141:TCP"= 18141:TCP:PORT_18141
    "16172:TCP"= 16172:TCP:PORT_16172
    "33762:TCP"= 33762:TCP:PORT_33762
    "30680:TCP"= 30680:TCP:PORT_30680
    "40560:TCP"= 40560:TCP:PORT_40560
    "37024:TCP"= 37024:TCP:PORT_37024
    "39312:TCP"= 39312:TCP:PORT_39312
    "61223:TCP"= 61223:TCP:PORT_61223
    "21336:TCP"= 21336:TCP:PORT_21336
    "53457:TCP"= 53457:TCP:PORT_53457
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184]
    R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
    R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704]
    R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912]
    R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
    R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368]
    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878]
    R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
    R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100]
    R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656]
    R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
    S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
    S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
    S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]
    S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752]
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 17:26:34
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
    C:\ACER\EMANAGER\ANBMSERV.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
    C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
    C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\TYPSOFT FTP SERVER\FTPSERV.EXE
    C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
    C:\PROGRAM FILES\ULTRAMON\ULTRAMON.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\ComboFix\pv.cfexe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-28 17:30:22 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-28 15:30:18
    ComboFix2.txt 2008-09-27 20:06:22

    Avant-CF: 15ÿ589ÿ965ÿ824 octets libres
    Après-CF: 15,484,026,880 octets libres

    369 --- E O F --- 2008-09-27 20:22:14
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Refais avec ceci :

    KillAll::

    Folder::
    C:\Documents and Settings\clement\Application Data\?ystem32
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. clément75
     
    ComboFix 08-09-27.03 - clement 2008-09-28 17:42:13.3 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1636 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-28 16:14 . 2008-09-28 16:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk
    2008-09-28 11:49 . 2008-09-28 11:49 <REP> d-------- C:\ToolBar SD
    2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd
    2008-09-27 21:11 . 2008-09-27 21:11 <REP> d-------- C:\Program Files\CleanUp!
    2008-09-27 20:59 . 2008-09-27 20:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2008-09-27 20:33 . 2008-09-27 20:33 <REP> d-------- C:\Program Files\Navilog1
    2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-27 18:43 . 2008-09-27 18:43 <REP> d-------- C:\WINDOWS\ERUNT
    2008-09-27 18:34 . 2008-09-25 04:31 <REP> d-------- C:\SDFix
    2008-09-27 17:52 . 2008-09-27 17:52 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-27 14:02 . 2008-09-27 14:02 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-27 13:27 . 2008-09-27 13:27 <REP> d--hs---- C:\FOUND.005
    2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-09-27 03:47 . 2008-09-27 03:47 <REP> d-------- C:\Documents and Settings\clement\Application Data\?ystem32
    2008-09-26 23:35 . 2008-09-26 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-09-26 21:53 . 2008-09-26 21:53 <REP> d-------- C:\Program Files\Next Limit
    2008-09-26 21:16 . 2008-09-26 21:16 <REP> d-------- C:\WINDOWS\system32\URTTEMP
    2008-09-23 22:24 . 2008-09-23 22:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-16 11:07 . 2008-09-16 11:07 <REP> d-------- C:\Documents and Settings\clement\Application Data\U3
    2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
    2008-09-06 03:11 . 2008-09-06 03:11 <REP> d-------- C:\Program Files\Call of Duty
    2008-09-06 02:59 . 2008-09-06 02:59 <REP> d-------- C:\Program Files\D-Tools
    2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\clement\Application Data\Azureus
    2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-30 23:08 . 2008-08-30 23:09 <REP> d-------- C:\Program Files\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-28 15:45 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
    2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp
    2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
    2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-09-28_17.29.57.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-28 15:31:14 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-28 15:31:14 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-28 15:31:14 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-28 15:31:14 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216]
    "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760]
    "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
    No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104]
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
    "C:\\TYPSoft FTP Server\\ftpserv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
    "C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.EXE"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\WINDOWS\\System32\\FXSCLNT.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25845:TCP"= 25845:TCP:PORT_25845
    "19857:TCP"= 19857:TCP:PORT_19857
    "16773:TCP"= 16773:TCP:PORT_16773
    "15758:TCP"= 15758:TCP:PORT_15758
    "6548:TCP"= 6548:TCP:PORT_6548
    "5716:TCP"= 5716:TCP:PORT_5716
    "18141:TCP"= 18141:TCP:PORT_18141
    "16172:TCP"= 16172:TCP:PORT_16172
    "33762:TCP"= 33762:TCP:PORT_33762
    "30680:TCP"= 30680:TCP:PORT_30680
    "40560:TCP"= 40560:TCP:PORT_40560
    "37024:TCP"= 37024:TCP:PORT_37024
    "39312:TCP"= 39312:TCP:PORT_39312
    "61223:TCP"= 61223:TCP:PORT_61223
    "21336:TCP"= 21336:TCP:PORT_21336
    "53457:TCP"= 53457:TCP:PORT_53457
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184]
    R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
    R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704]
    R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912]
    R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
    R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368]
    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878]
    R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
    R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100]
    R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656]
    R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
    S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
    S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
    S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]
    S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752]
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 17:45:35
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
    C:\ACER\EMANAGER\ANBMSERV.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
    C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
    C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE
    C:\PROGRAM FILES\NDAS\SYSTEM\NDASSVC.EXE
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\TYPSOFT FTP SERVER\FTPSERV.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
    C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-28 17:48:53 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-28 15:48:48
    ComboFix3.txt 2008-09-27 20:06:22
    ComboFix2.txt 2008-09-28 15:30:24

    Avant-CF: 15ÿ392ÿ768ÿ000 octets libres
    Après-CF: 15,380,938,752 octets libres

    272 --- E O F --- 2008-09-27 20:22:14
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bof, essaie ceci :

    KillAll::

    Folder::
    C:\Documents and Settings\clement\Application Data\system32
    0
  8. clément75
     
    ComboFix 08-09-27.03 - clement 2008-09-28 17:57:47.4 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1639 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\clement\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\clement\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-28 16:14 . 2008-09-28 16:14 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-28 13:33 . 2008-09-28 13:33 124 --a------ C:\Appareil mobile.lnk
    2008-09-28 11:49 . 2008-09-28 11:49 <REP> d-------- C:\ToolBar SD
    2008-09-28 11:49 . 2008-09-28 12:40 6,060 --a------ C:\Documents and Settings\Orph.egd
    2008-09-27 21:11 . 2008-09-27 21:11 <REP> d-------- C:\Program Files\CleanUp!
    2008-09-27 20:59 . 2008-09-27 20:59 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2008-09-27 20:33 . 2008-09-27 20:33 <REP> d-------- C:\Program Files\Navilog1
    2008-09-27 18:47 . 2008-09-27 18:47 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-27 18:43 . 2008-09-27 18:43 <REP> d-------- C:\WINDOWS\ERUNT
    2008-09-27 18:34 . 2008-09-25 04:31 <REP> d-------- C:\SDFix
    2008-09-27 17:52 . 2008-09-27 17:52 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-27 14:04 . 2008-09-27 14:04 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-27 14:02 . 2008-09-27 14:02 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-27 13:27 . 2008-09-27 13:27 <REP> d--hs---- C:\FOUND.005
    2008-09-27 03:58 . 2008-09-28 15:57 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-09-27 03:58 . 2008-09-28 15:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-09-27 03:47 . 2008-09-27 03:47 <REP> d-------- C:\Documents and Settings\clement\Application Data\?ystem32
    2008-09-26 23:35 . 2008-09-26 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-09-26 21:53 . 2008-09-26 21:53 <REP> d-------- C:\Program Files\Next Limit
    2008-09-26 21:16 . 2008-09-26 21:16 <REP> d-------- C:\WINDOWS\system32\URTTEMP
    2008-09-23 22:24 . 2008-09-23 22:24 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-09-19 01:00 . 2008-09-25 21:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-19 01:00 . 2008-09-19 01:00 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-16 11:07 . 2008-09-16 11:07 <REP> d-------- C:\Documents and Settings\clement\Application Data\U3
    2008-09-14 15:48 . 2008-09-14 15:49 7,168 --ahs---- C:\Documents and Settings\Thumbs.db
    2008-09-06 03:11 . 2008-09-06 03:11 <REP> d-------- C:\Program Files\Call of Duty
    2008-09-06 02:59 . 2008-09-06 02:59 <REP> d-------- C:\Program Files\D-Tools
    2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\clement\Application Data\Azureus
    2008-08-30 23:09 . 2008-08-30 23:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-08-30 23:08 . 2008-08-30 23:09 <REP> d-------- C:\Program Files\Azureus

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-28 16:01 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
    2008-09-27 12:09 96,384 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
    2008-09-26 23:58 98,304 ----a-w C:\WINDOWS\DUMP6002.tmp
    2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-16 00:12 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
    2008-07-19 19:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-07-03 14:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-07-02 11:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2007-11-20 15:13 57,088 ----a-w C:\Documents and Settings\clement\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-09-28_17.29.57.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-28 14:12:24 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-28 15:31:14 65,320 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-09-28 14:12:24 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-28 15:31:14 79,654 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-09-28 14:12:24 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-28 15:31:14 410,468 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-09-28 14:12:24 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-28 15:31:14 478,826 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 2889216]
    "eRecoveryService"="C:\Windows\System32\Check.exe" [2004-11-24 245760]
    "FTP Server"="C:\TYPSOF~1\ftpserv.exe" [2003-12-04 902144]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Tweak UI"="TWEAKUI.CPL" [1999-11-15 C:\WINDOWS\system32\TWEAKUI.CPL]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
    No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [2006-10-24 1172992]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-11-25 2746104]
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-20 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-08 14:03 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\backburner\\server.exe"=
    "C:\\Program Files\\Autodesk\\3dsMax8\\VRLServer.exe"=
    "C:\\TYPSoft FTP Server\\ftpserv.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
    "C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.EXE"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\WINDOWS\\System32\\FXSCLNT.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25845:TCP"= 25845:TCP:PORT_25845
    "19857:TCP"= 19857:TCP:PORT_19857
    "16773:TCP"= 16773:TCP:PORT_16773
    "15758:TCP"= 15758:TCP:PORT_15758
    "6548:TCP"= 6548:TCP:PORT_6548
    "5716:TCP"= 5716:TCP:PORT_5716
    "18141:TCP"= 18141:TCP:PORT_18141
    "16172:TCP"= 16172:TCP:PORT_16172
    "33762:TCP"= 33762:TCP:PORT_33762
    "30680:TCP"= 30680:TCP:PORT_30680
    "40560:TCP"= 40560:TCP:PORT_40560
    "37024:TCP"= 37024:TCP:PORT_37024
    "39312:TCP"= 39312:TCP:PORT_39312
    "61223:TCP"= 61223:TCP:PORT_61223
    "21336:TCP"= 21336:TCP:PORT_21336
    "53457:TCP"= 53457:TCP:PORT_53457
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys [2005-02-09 109184]
    R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
    R1 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys [2005-02-09 120704]
    R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 14912]
    R1 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
    R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 78208]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 10363]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 4054]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-10-21 2368]
    R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\WINDOWS\system32\UltraMonUtility.sys [2004-04-12 10288]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-12-18 193878]
    R3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
    R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2004-11-03 69632]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-12-23 7100]
    R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2005-02-09 38656]
    R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2004-04-12 8240]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
    S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
    S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
    S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]
    S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2005-02-09 90752]
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 18:01:09
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\AUTODESK SHARED\SERVICE\ADSKSCSRV.EXE
    C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
    C:\PROGRAM FILES\AUTODESK\3DSMAX8\MENTALRAY\SATELLITE\RAYSAT_3DSMAX8SERVER.EXE
    C:\PROGRAM FILES\NDAS\SYSTEM\NDASSVC.EXE
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE
    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\COMBOFIX\PV.CFEXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-28 18:04:27 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-28 16:04:24
    ComboFix4.txt 2008-09-27 20:06:22
    ComboFix3.txt 2008-09-28 15:30:24
    ComboFix2.txt 2008-09-28 15:48:56

    Avant-CF: 15ÿ305ÿ310ÿ208 octets libres
    Après-CF: 15,291,482,112 octets libres

    272 --- E O F --- 2008-09-27 20:22:14
    0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Comprends pas...

    As-tu déjà fait un scan avec Spybot (Je ne m'en souviens plus) ?
    0
  10. clément75
     
    ou j ai deja fait
    Le rapport indique des trucs anormaux?
    Depuis les dernieres manip, je n ai pas vu apparaitre de pub par outerinfo et pas de message d antivir au demarrage.
    Je ne sais pas si c est bon signe et definitif :
    veux tu que je redemarre pour voir si Antivir m indique le virus?
    0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Oui.
    0
  12. clément75
     
    J ai redemarrer et PAS DE MESSAGE D ANTIVIR ....
    C 'est tres bon signe non, peut etre meme un probleme resolu?
    0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Poste un nouveau rapport HijackThis.
    0
  14. clément75
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:23:52, on 28/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\acer\epm\epm-dm.exe
    C:\TYPSOF~1\ftpserv.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\No-IP\DUC20.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\hijackthis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance HijackThis et choisis Do a system scan only

    ---> Coche les cases qui sont devant les lignes suivantes :

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

    ---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

    ---> Redémarre ton PC et poste un nouveau rapport HijackThis
    0
  16. clément75
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34:58, on 28/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\acer\epm\epm-dm.exe
    C:\TYPSOF~1\ftpserv.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\No-IP\DUC20.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\hijackthis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [FTP Server] C:\TYPSOF~1\ftpserv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O24 - Desktop Component 1: Google - https://www.google.fr/?gws_rd=ssl
    0
  17. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Pour finir :

    ---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
    https://www.ccleaner.com/ccleaner/download

    ---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

    ---> Télécharge Tools Cleaner sur ton bureau.
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    Clique sur Recherche et laisse le scan agir.
    Clique sur Suppression pour finaliser.
    Tu peux, si tu le souhaites, te servir des Options facultatives.
    Clique sur Quitter pour obtenir le rapport.
    Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    ---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
    http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

    ---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
    https://www.vulgarisation-informatique.com/creer-point-restauration.php
    0
  18. clément75
     
    J ai fait toutes les etapes pour finaliser
    Peux-tu me dire si je peux enfin dire "ouf"?
    En tout cas, pas de nouvelles des pubs et du virus.

    [ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\cleannavi.txt: trouvé !
    C:\TB.txt: trouvé !
    C:\SDFIX: trouvé !
    C:\HijackThis: trouvé !
    C:\Qoobox: trouvé !
    C:\Toolbar SD: trouvé !
    C:\WINDOWS\msnfix.txt: trouvé !
    C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\SdFix.exe: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\Msnfix.zip: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.exe: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.lnk: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\ComboFix.exe: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\ToolBarSD.exe: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\hijackthis.log: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\fixnavi.txt: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\cleannavi.txt: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\TB.txt: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\SDFIX: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\MsnFix: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\SDFix\SDFIX: trouvé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\MSNFix\MsnFix: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\hijackthis\HijackThis.exe: trouvé !
    C:\hijackthis\hijackthis.log: trouvé !
    C:\hijackthis\ancien\hijackthis.log: trouvé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    ---------------------------------
    -->- Suppression:
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\SdFix.exe: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\Msnfix.zip: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.exe: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\Navilog1.lnk: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\ComboFix.exe: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\clement\Bureau\recherche virus$\ToolBarSD.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\hijackthis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\cleannavi.txt: supprimé !
    C:\TB.txt: supprimé !
    C:\WINDOWS\msnfix.txt: supprimé !
    C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
    C:\Documents and Settings\clement\Bureau\recherche virus$\hijackthis.log: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\fixnavi.txt: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\cleannavi.txt: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\TB.txt: supprimé !
    C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\hijackthis\hijackthis.log: supprimé !
    C:\hijackthis\ancien\hijackthis.log: supprimé !
    C:\SDFIX: supprimé !
    C:\HijackThis: supprimé !
    C:\Qoobox: supprimé !
    C:\Toolbar SD: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\SDFIX: supprimé !
    C:\Documents and Settings\clement\Bureau\recherche virus$\MsnFix: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    0
  19. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Voilà, c'est fini.

    Supprime ComboFix et Tools Cleaner s'ils sont encore présents.
    0
  20. clément75
     
    Ok, je vais faire ca

    Je ne sais pas trop quoi dire si ce n'est merci infiniment pour ta patience et ta generosité
    merci merci et merci, franchement sans toi, j etais parti pour un reformatage et une semaine de perdue

    MERCI
    0
Précédent
  • 1
  • 2
  • 3
  • 4