Need help: 3VxVGoRV.exe virus???

Thango -  
Hello,
For the past two days I have had this program that starts on its own and opens (at least I think it is this program) an IE window with ads, for example Bowflex, etc.

I scanned my computer with Avast, HijackThis, Ad-Aware, CCleaner, Spybot Search and Destroy, Malwarebytes and A-Squared... I had a few suspicious things, etc. The programs removed them, but this program keeps coming back even if I delete it.

I searched the Internet and found nothing. I would like to know if anyone knows this program and how to get rid of it.

Thanks a lot in advance!
Configuration: Windows XP
Firefox 3.0.3

25 replies

  1. Destrio5 (Moderator, 99820 posts)
     
    /!\ Only Thango may follow this procedure /!\

    1/

    ---> Click Start, Run, type notepad and click OK.

    ---> Copy the text below by selecting it, then press Ctrl+C:

    KillAll::

    File::
    C:\WINDOWS\pp_winini.bak
    C:\WINDOWS\pp_sysini.bak
    C:\WINDOWS\system32\5a1w38JH.exe
    C:\WINDOWS\system32\KcrnaeghDrv.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At25.job
    C:\WINDOWS\Tasks\At26.job
    C:\WINDOWS\Tasks\At27.job
    C:\WINDOWS\Tasks\At28.job
    C:\WINDOWS\Tasks\At29.job
    C:\WINDOWS\Tasks\At30.job
    C:\WINDOWS\Tasks\At31.job
    C:\WINDOWS\Tasks\At32.job
    C:\WINDOWS\Tasks\At33.job
    C:\WINDOWS\Tasks\At34.job
    C:\WINDOWS\Tasks\At35.job
    C:\WINDOWS\Tasks\At36.job
    C:\WINDOWS\Tasks\At37.job
    C:\WINDOWS\Tasks\At38.job
    C:\WINDOWS\Tasks\At39.job
    C:\WINDOWS\Tasks\At40.job
    C:\WINDOWS\Tasks\At41.job
    C:\WINDOWS\Tasks\At42.job
    C:\WINDOWS\Tasks\At43.job
    C:\WINDOWS\Tasks\At44.job
    C:\WINDOWS\Tasks\At45.job
    C:\WINDOWS\Tasks\At46.job
    C:\WINDOWS\Tasks\At47.job
    C:\WINDOWS\Tasks\At48.job

    Registry::
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{AB0A0B68-6E3C-31D2-8901-3A11E015D25A}"=-

    ---> Paste the selection into Notepad

    ---> Save this file on the desktop (mandatory)

    ---> File name: CFScript
    ---> File type: All files
    ---> Click Save
    ---> Close Notepad

    2/

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
    http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

    [*] A blue window will appear: accept the message that is displayed.

    [*] Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.

    [*] Once the scan is complete, a report will be displayed: post it

    [*] If the file does not open, it is located here: C:\ComboFix.txt
    1
  2. Destrio5 (Moderator, 99820 posts)
     
    It is just a setting in the Internet Explorer options.
    1
  3. Destrio5 (Moderator, 99820 posts)
     
    ---> Post a new HijackThis report.
    1
  5. thango
     
    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1259
    Windows 5.1.2600 Service Pack 3

    2008-10-13 00:19:25
    mbam-log-2008-10-13 (00-19-22).txt

    Type de recherche: Examen complet (C:\|G:\|)
    Eléments examinés: 195051
    Temps écoulé: 1 hour(s), 57 minute(s), 17 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\3VxVGoRV.exe (Trojan.Agent) -> No action taken.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\3VxVGoRV.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\y0X53O82.dll (Trojan.BHO) -> No action taken.
    C:\System Volume Information\_restore{54799ED4-60FC-486A-9DF2-31D5C5BF2E29}\RP1170\A0299516.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{54799ED4-60FC-486A-9DF2-31D5C5BF2E29}\RP1170\A0299517.exe (Trojan.Agent) -> No action taken.
    G:\Azureus Downloads\Prog\Avast.Pro.v4.7.981.Incl.Keymaker-CORE\Avast.Pro.v4.7.981.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\3VxVGoRV.exe.a_a (Trojan.Agent) -> No action taken.
    0
  6. thango
     
    Yes, I clicked on remove selection and I even tried ComboFix

    Here is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:24, on 2008-10-14
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:6588
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-329068152-261478967-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-329068152-261478967-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jocelyne\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  7. Thango
     
    Yes, it does launch... but the problem is that even if I delete this file 3VxVgRV.exe and every other file that looks like it, and even if the anti-spyware and anti-virus programs find it and delete it too... it keeps coming back...

    I am discouraged, I no longer know what to do.

    Oh, and by the way, it started one day while I was playing Warhammer Online; before that my computer ran very well, and I have always kept my computer well protected.

    What is strange is that I cannot find any documentation about this file (virus)
    0
  8. Thango
     
    Here it is

    ComboFix 08-10-12.01 - jocelyne 2008-10-13 23:44:33.1 - NTFSx86

    Lancé depuis: C:\Documents and Settings\jocelyne\Bureau\ComboFix.exe

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\3VxVGoRV.exe
    C:\WINDOWS\system32\3VxVGoRV.exe.a_a
    C:\WINDOWS\system32\BReWErS.dll
    C:\WINDOWS\Tasks\At25.job
    C:\WINDOWS\Tasks\At26.job
    C:\WINDOWS\Tasks\At27.job
    C:\WINDOWS\Tasks\At28.job
    C:\WINDOWS\Tasks\At29.job
    C:\WINDOWS\Tasks\At30.job
    C:\WINDOWS\Tasks\At31.job
    C:\WINDOWS\Tasks\At32.job
    C:\WINDOWS\Tasks\At33.job
    C:\WINDOWS\Tasks\At34.job
    C:\WINDOWS\Tasks\At35.job
    C:\WINDOWS\Tasks\At36.job
    C:\WINDOWS\Tasks\At37.job
    C:\WINDOWS\Tasks\At38.job
    C:\WINDOWS\Tasks\At39.job
    C:\WINDOWS\Tasks\At40.job
    C:\WINDOWS\Tasks\At41.job
    C:\WINDOWS\Tasks\At42.job
    C:\WINDOWS\Tasks\At43.job
    C:\WINDOWS\Tasks\At44.job
    C:\WINDOWS\Tasks\At45.job
    C:\WINDOWS\Tasks\At46.job
    C:\WINDOWS\Tasks\At47.job
    C:\WINDOWS\Tasks\At48.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-12 22:26 . 2008-10-12 22:26 817 --a------ C:\WINDOWS\pp_winini.bak
    2008-10-12 22:26 . 2008-10-12 22:26 326 --a------ C:\WINDOWS\pp_sysini.bak
    2008-10-12 19:16 . 2008-10-12 19:17 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Documents and Settings\jocelyne\Application Data\Malwarebytes
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-12 01:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-12 01:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-12 00:41 . 2008-10-12 00:41 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-10-11 18:46 . 2008-10-11 18:45 30,272 --a------ C:\WINDOWS\system32\5a1w38JH.exe
    2008-09-28 19:53 . 2008-06-14 13:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-28 19:52 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-28 19:52 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-28 19:38 . 2008-09-28 19:38 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-28 19:38 . 2008-09-28 19:38 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-24 13:56 . 2004-08-18 04:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-09-20 01:31 . 2008-09-20 01:31 <REP> d-------- C:\Program Files\Ventrilo
    2008-09-18 15:37 . 2008-09-18 15:37 <REP> d-------- C:\ProgramData
    2008-09-18 15:37 . 2008-09-18 15:37 5,210 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 03:23 --------- d-----w C:\Program Files\Zoom Player
    2008-10-13 04:03 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-10-12 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-11 05:56 --------- d-----w C:\Documents and Settings\jocelyne\Application Data\Azureus
    2008-10-08 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-08 23:43 --------- d-----w C:\Program Files\Electronic Arts
    2008-10-06 17:59 --------- d-----w C:\Documents and Settings\jocelyne\Application Data\Canon
    2008-09-20 05:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-18 01:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-07 18:08 --------- d-----w C:\Program Files\QuickTime
    2008-09-07 18:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-07 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-01 22:18 --------- d-----w C:\Program Files\SpeedFan
    2008-08-27 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-08-27 13:08 --------- d-----w C:\Program Files\Logitech
    2008-08-27 13:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-07-20 17:25 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-20 17:25 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-04-18 18:37 22,328 ----a-w C:\Documents and Settings\jocelyne\Application Data\PnkBstrK.sys
    1990-01-01 01:01 49,152 --sh--r C:\WINDOWS\system32\KcrnaeghDrv.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-14 208896]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-14 69632]
    "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 118784]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

    C:\Documents and Settings\jocelyne\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-17 528384]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
    "{AB0A0B68-6E3C-31D2-8901-3A11E015D25A}"= "C:\WINDOWS\system32\KcrnaeghDrv.dll" [1989-12-31 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\System32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 22:33 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    --a------ 2008-06-13 18:27 2752512 C:\Program Files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
    --a------ 2005-11-02 11:42 188928 C:\Program Files\Logitech\G-series Software\LCDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    --a------ 2005-11-02 11:56 1110079 C:\Program Files\Logitech\G-series Software\LGDCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 22:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 05:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2004-11-15 06:20 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Nla"=3 (0x3)
    "Alerter"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\system\\mysql\\bin\\mysqld.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\mangos\\realmd.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\system\\apache\\bin\\apache.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\mangos\\mangosd.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-10-12 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-13 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-12 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-13 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Explorer_Run-3ilEW2iehq - C:\Documents and Settings\All Users\Application Data\ejyvkhel\kvyhqriv.exe
    Notify-AtiExtEvent - (no file)
    MSConfigStartUp-ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    MSConfigStartUp-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    MSConfigStartUp-gcasServ - C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\jocelyne\Application Data\Mozilla\Firefox\Profiles\iflln68j.Utilisateur par défaut\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 23:48:21
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 23:52:36 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-14 03:52:32

    Avant-CF: 26 719 870 976 octets libres
    Après-CF: 26,702,278,656 octets libres

    247 --- E O F --- 2008-09-29 05:01:02
    0
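An added example (not part of the thread and not ComboFix's own code): a Python check that reads the scheduled-task listing format of the ComboFix log above, groups `AtN.job` files by the executable they launch, and reports any flagged job or target that a CFScript's `File::` list leaves out. The sample log and script are constructed in the page's format; the function names and the `min_jobs` threshold are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, whatever OS runs this

# Job line, e.g. "2008-10-12 C:\WINDOWS\Tasks\At1.job"
JOB_RE = re.compile(r"^\s*\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$", re.I)
# Target line, e.g. "- C:\WINDOWS\system32\x.exe [2008-10-11 18:45]"
TARGET_RE = re.compile(r"^\s*-\s+(\S.*?)\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]\s*$")
AT_JOB_RE = re.compile(r"^at(\d+)\.job$", re.I)
DIRECTIVE_RE = re.compile(r"^\s*(\w+)::\s*$")  # "File::", "Registry::", ...

# Constructed excerpt in the format of the ComboFix task listing.
SAMPLE_LOG = r"""
Contenu du dossier 'Tâches planifiées'

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-12 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

2008-10-11 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

2008-10-12 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

2008-10-11 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]
"""

# Constructed CFScript that deliberately omits At10.job.
SAMPLE_SCRIPT = r"""
KillAll::

File::
C:\WINDOWS\system32\5a1w38JH.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{AB0A0B68-6E3C-31D2-8901-3A11E015D25A}"=-
"""


def parse_tasks(log_text):
    """Return (job_path, target_path) pairs, lower-cased, from a task listing."""
    pairs, pending = [], None
    for line in log_text.splitlines():
        job, target = JOB_RE.match(line), TARGET_RE.match(line)
        if job:
            pending = job.group(1).lower()
        elif target and pending:
            pairs.append((pending, target.group(1).lower()))
            pending = None
        elif line.strip():
            pending = None  # unrelated text breaks a job/target pair
    return pairs


def at_job_targets(pairs, min_jobs=3):
    """Map each executable launched by >= min_jobs AtN.job files to those jobs.

    min_jobs is an assumed heuristic: many numbered At jobs pointing at one
    binary is the re-launch pattern visible in the log.
    """
    by_target = defaultdict(list)
    for job, target in pairs:
        if AT_JOB_RE.match(basename(job)):
            by_target[target].append(job)
    number = lambda j: int(AT_JOB_RE.match(basename(j)).group(1))
    return {t: sorted(j, key=number) for t, j in by_target.items()
            if len(j) >= min_jobs}


def cfscript_files(script_text):
    """Return the lower-cased paths listed under the File:: directive."""
    files, section = set(), None
    for line in script_text.splitlines():
        directive = DIRECTIVE_RE.match(line)
        if directive:
            section = directive.group(1).lower()
        elif section == "file" and line.strip():
            files.add(line.strip().lower())
    return files


def uncovered(log_text, script_text, min_jobs=3):
    """Flagged targets and jobs from the log that File:: does not list."""
    listed = cfscript_files(script_text)
    missing = []
    for target, jobs in at_job_targets(parse_tasks(log_text), min_jobs).items():
        missing.extend(p for p in [target] + jobs if p not in listed)
    return missing


if __name__ == "__main__":
    for target, jobs in at_job_targets(parse_tasks(SAMPLE_LOG)).items():
        print(f"{len(jobs)} AtN.job tasks launch {target}")
    for path in uncovered(SAMPLE_LOG, SAMPLE_SCRIPT):
        print("not in File:: ->", path)
```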
  9. Thango
     
    Here it is

    ComboFix 08-10-12.01 - jocelyne 2008-10-13 23:44:33.1 - NTFSx86

    Lancé depuis: C:\Documents and Settings\jocelyne\Bureau\ComboFix.exe

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\3VxVGoRV.exe
    C:\WINDOWS\system32\3VxVGoRV.exe.a_a
    C:\WINDOWS\system32\BReWErS.dll
    C:\WINDOWS\Tasks\At25.job
    C:\WINDOWS\Tasks\At26.job
    C:\WINDOWS\Tasks\At27.job
    C:\WINDOWS\Tasks\At28.job
    C:\WINDOWS\Tasks\At29.job
    C:\WINDOWS\Tasks\At30.job
    C:\WINDOWS\Tasks\At31.job
    C:\WINDOWS\Tasks\At32.job
    C:\WINDOWS\Tasks\At33.job
    C:\WINDOWS\Tasks\At34.job
    C:\WINDOWS\Tasks\At35.job
    C:\WINDOWS\Tasks\At36.job
    C:\WINDOWS\Tasks\At37.job
    C:\WINDOWS\Tasks\At38.job
    C:\WINDOWS\Tasks\At39.job
    C:\WINDOWS\Tasks\At40.job
    C:\WINDOWS\Tasks\At41.job
    C:\WINDOWS\Tasks\At42.job
    C:\WINDOWS\Tasks\At43.job
    C:\WINDOWS\Tasks\At44.job
    C:\WINDOWS\Tasks\At45.job
    C:\WINDOWS\Tasks\At46.job
    C:\WINDOWS\Tasks\At47.job
    C:\WINDOWS\Tasks\At48.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-12 22:26 . 2008-10-12 22:26 817 --a------ C:\WINDOWS\pp_winini.bak
    2008-10-12 22:26 . 2008-10-12 22:26 326 --a------ C:\WINDOWS\pp_sysini.bak
    2008-10-12 19:16 . 2008-10-12 19:17 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Documents and Settings\jocelyne\Application Data\Malwarebytes
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-12 01:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-12 01:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-12 00:41 . 2008-10-12 00:41 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-10-11 18:46 . 2008-10-11 18:45 30,272 --a------ C:\WINDOWS\system32\5a1w38JH.exe
    2008-09-28 19:53 . 2008-06-14 13:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-28 19:52 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-28 19:52 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-28 19:38 . 2008-09-28 19:38 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-28 19:38 . 2008-09-28 19:38 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-24 13:56 . 2004-08-18 04:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-09-20 01:31 . 2008-09-20 01:31 <REP> d-------- C:\Program Files\Ventrilo
    2008-09-18 15:37 . 2008-09-18 15:37 <REP> d-------- C:\ProgramData
    2008-09-18 15:37 . 2008-09-18 15:37 5,210 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 03:23 --------- d-----w C:\Program Files\Zoom Player
    2008-10-13 04:03 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-10-12 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-11 05:56 --------- d-----w C:\Documents and Settings\jocelyne\Application Data\Azureus
    2008-10-08 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-08 23:43 --------- d-----w C:\Program Files\Electronic Arts
    2008-10-06 17:59 --------- d-----w C:\Documents and Settings\jocelyne\Application Data\Canon
    2008-09-20 05:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-18 01:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-07 18:08 --------- d-----w C:\Program Files\QuickTime
    2008-09-07 18:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-07 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-01 22:18 --------- d-----w C:\Program Files\SpeedFan
    2008-08-27 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-08-27 13:08 --------- d-----w C:\Program Files\Logitech
    2008-08-27 13:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-07-20 17:25 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-20 17:25 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-04-18 18:37 22,328 ----a-w C:\Documents and Settings\jocelyne\Application Data\PnkBstrK.sys
    1990-01-01 01:01 49,152 --sh--r C:\WINDOWS\system32\KcrnaeghDrv.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-14 208896]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-14 69632]
    "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 118784]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

    C:\Documents and Settings\jocelyne\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-17 528384]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
    "{AB0A0B68-6E3C-31D2-8901-3A11E015D25A}"= "C:\WINDOWS\system32\KcrnaeghDrv.dll" [1989-12-31 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\System32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 22:33 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    --a------ 2008-06-13 18:27 2752512 C:\Program Files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
    --a------ 2005-11-02 11:42 188928 C:\Program Files\Logitech\G-series Software\LCDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    --a------ 2005-11-02 11:56 1110079 C:\Program Files\Logitech\G-series Software\LGDCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 22:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 05:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2004-11-15 06:20 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Nla"=3 (0x3)
    "Alerter"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\system\\mysql\\bin\\mysqld.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\mangos\\realmd.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\system\\apache\\bin\\apache.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\mangos\\mangosd.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-10-12 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-13 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-12 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-13 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-14 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]

    2008-10-11 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\5a1w38JH.exe [2008-10-11 18:45]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Explorer_Run-3ilEW2iehq - C:\Documents and Settings\All Users\Application Data\ejyvkhel\kvyhqriv.exe
    Notify-AtiExtEvent - (no file)
    MSConfigStartUp-ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    MSConfigStartUp-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    MSConfigStartUp-gcasServ - C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\jocelyne\Application Data\Mozilla\Firefox\Profiles\iflln68j.Utilisateur par défaut\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 23:48:21
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 23:52:36 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-14 03:52:32

    Avant-CF: 26 719 870 976 octets libres
    Après-CF: 26,702,278,656 octets libres

    247 --- E O F --- 2008-09-29 05:01:02
    0
  10. Thango
     
    Here is the log:

    ComboFix 08-10-14.03 - jocelyne 2008-10-14 18:12:10.2 - NTFSx86
    Lancé depuis: C:\Documents and Settings\jocelyne\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\jocelyne\Bureau\CFScript.txt
    * Resident AV is active

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

    FILE ::
    C:\WINDOWS\pp_sysini.bak
    C:\WINDOWS\pp_winini.bak
    C:\WINDOWS\system32\5a1w38JH.exe
    C:\WINDOWS\system32\KcrnaeghDrv.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At25.job
    C:\WINDOWS\Tasks\At26.job
    C:\WINDOWS\Tasks\At27.job
    C:\WINDOWS\Tasks\At28.job
    C:\WINDOWS\Tasks\At29.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At30.job
    C:\WINDOWS\Tasks\At31.job
    C:\WINDOWS\Tasks\At32.job
    C:\WINDOWS\Tasks\At33.job
    C:\WINDOWS\Tasks\At34.job
    C:\WINDOWS\Tasks\At35.job
    C:\WINDOWS\Tasks\At36.job
    C:\WINDOWS\Tasks\At37.job
    C:\WINDOWS\Tasks\At38.job
    C:\WINDOWS\Tasks\At39.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At40.job
    C:\WINDOWS\Tasks\At41.job
    C:\WINDOWS\Tasks\At42.job
    C:\WINDOWS\Tasks\At43.job
    C:\WINDOWS\Tasks\At44.job
    C:\WINDOWS\Tasks\At45.job
    C:\WINDOWS\Tasks\At46.job
    C:\WINDOWS\Tasks\At47.job
    C:\WINDOWS\Tasks\At48.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 15:24 . 2008-10-14 15:24 <REP> d-------- C:\Program Files\Avira
    2008-10-14 15:24 . 2008-10-14 15:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-10-14 12:23 . 2008-10-14 12:23 1,994 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-14 12:20 . 2008-10-14 12:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-14 00:00 . 2008-10-14 00:00 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-12 19:16 . 2008-10-12 19:17 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Documents and Settings\jocelyne\Application Data\Malwarebytes
    2008-10-12 01:20 . 2008-10-12 01:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-12 01:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-12 01:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-12 00:41 . 2008-10-12 00:41 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
    2008-09-28 19:53 . 2008-06-14 13:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-28 19:52 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-28 19:52 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-28 19:38 . 2008-09-28 19:38 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-28 19:38 . 2008-09-28 19:38 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-24 13:56 . 2004-08-18 04:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-09-20 01:31 . 2008-09-20 01:31 <REP> d-------- C:\Program Files\Ventrilo
    2008-09-18 15:37 . 2008-09-18 15:37 <REP> d-------- C:\ProgramData
    2008-09-18 15:37 . 2008-09-18 15:37 5,210 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 19:15 --------- d-----w C:\Program Files\Alwil Software
    2008-10-14 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-14 16:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-10-14 03:23 --------- d-----w C:\Program Files\Zoom Player
    2008-10-13 02:26 18,916 ----a-w C:\WINDOWS\system32\tfak.dll
    2008-10-11 05:56 --------- d-----w C:\Documents and Settings\jocelyne\Application Data\Azureus
    2008-10-10 12:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
    2008-10-10 12:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-10-08 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-08 23:43 --------- d-----w C:\Program Files\Electronic Arts
    2008-10-06 17:59 --------- d-----w C:\Documents and Settings\jocelyne\Application Data\Canon
    2008-10-01 19:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-09-20 05:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-18 01:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-09 03:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-09 02:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-09-07 18:08 --------- d-----w C:\Program Files\QuickTime
    2008-09-07 18:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-07 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-01 22:18 --------- d-----w C:\Program Files\SpeedFan
    2008-08-27 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-08-27 13:08 --------- d-----w C:\Program Files\Logitech
    2008-08-27 13:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-08-18 16:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-07-20 17:25 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-20 17:25 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-04-18 18:37 22,328 ----a-w C:\Documents and Settings\jocelyne\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-13_23.52.05.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-09 17:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 22:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 19:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 14:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2004-07-31 22:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
    + 2008-05-19 01:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
    - 2008-10-14 03:49:45 72,966 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-10-14 19:25:03 72,966 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-10-14 03:49:45 87,070 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-10-14 19:25:03 87,070 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-10-14 03:49:45 444,714 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-10-14 19:25:03 444,714 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-10-14 03:49:46 514,640 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-10-14 19:25:03 514,640 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2003-06-06 01:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
    + 2006-04-27 21:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
    + 2006-01-09 14:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
    + 2007-09-06 04:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
    + 2007-10-04 04:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-14 208896]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-14 69632]
    "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 118784]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

    C:\Documents and Settings\jocelyne\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-17 528384]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\System32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [BU]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 22:33 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    --a------ 2008-06-13 18:27 2752512 C:\Program Files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
    --a------ 2005-11-02 11:42 188928 C:\Program Files\Logitech\G-series Software\LCDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    --a------ 2005-11-02 11:56 1110079 C:\Program Files\Logitech\G-series Software\LGDCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 22:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 05:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    --a------ 2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2004-11-15 06:20 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Nla"=3 (0x3)
    "Alerter"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\system\\mysql\\bin\\mysqld.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\mangos\\realmd.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\system\\apache\\bin\\apache.exe"=
    "C:\\Documents and Settings\\jocelyne\\Mes documents\\Max\\Games\\WOW\\ShR_v3\\ShR_v3\\mangos\\mangosd.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 18:17:01
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-14 18:22:03 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-14 22:21:59
    ComboFix2.txt 2008-10-14 03:52:37

    Avant-CF: 26 640 973 824 octets libres
    Après-CF: 26,627,911,680 octets libres

    248 --- E O F --- 2008-09-29 05:01:02
    0
  11. Thango
     
    For now, yes... I'll give you an update tomorrow if all goes well, but I think it's fixed. Thank you so much for your help, really appreciated!!
    0
  12. Thango
     
    Everything seems to be back to normal. Thanks a lot! Well, just tell me what's left to do.
    0
  13. Thango
     
    Here you go!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:32:50, on 2008-10-15
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:6588
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-329068152-261478967-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-329068152-261478967-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jocelyne\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  14. Thango
     
    Uh, no idea about the proxy; all I know is that I'm with Videotron. I don't have a router either... I used to have one, but that was a long time ago.

    I'm going to call my provider.
    0
  15. Thango
     
    Yeah, I deleted it; it wasn't enabled. Thanks!
    0
  16. Thango
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:06:26, on 2008-10-15
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\UltraPlayer\UPlayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-329068152-261478967-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-329068152-261478967-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jocelyne\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  17. Thango
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:06:26, on 2008-10-15
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\UltraPlayer\UPlayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-329068152-261478967-839522115-1004\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-329068152-261478967-839522115-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jocelyne\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  18. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
     
    Hi,

    Post a HijackThis report.
    -1
  19. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
     
    Did you click on "Supprimer la sélection" (Remove selection)?

    Can you post a HijackThis report?
    -1
  20. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324
     
    ComboFix won't start?
    -1