Problem with WINCTRL32 and ARKxx.tmp files

tokina -
 Anonymous user -
Hello,

I have viruses that I can't manage to eradicate!!

C:\WINDOWS\system32\WinCtrl32.dll
[DETECTION] Is the TR/Dropper.Gen Trojan

C:\ARK13.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\ARK14.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\ARK15.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan

and a file that is impossible to delete
C:\WINDOWS\system32\% ^ ^^^ % % ^% .exe

I tried SDIF / Smitfraudfix and I can't find a solution

Thank you for your help
10 replies

Anonymous user

Hi,

- Disable your protection software (antivirus, antispyware), then:

- Download Combofix sUBs: combofix.exe
and save it to your desktop and nowhere else!

- Double-click combofix.

- Wait until combofix has finished; a report will be created. Post the report.

- Copy/paste a HijackThis report along with it.

0
tokina
 
Hello,

Thank you for your help. Sorry for the delay, but combo had some difficulties. Below are the requested posts:

ComboFix 08-10-26.01 - ALICE PETIT 2008-10-27 18:50:12.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.139 [GMT 1:00]

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ALICE PETIT\Application Data\CROSOF~1
C:\Documents and Settings\ALICE PETIT\Application Data\CROSOF~1\d?dplay.exe
C:\Documents and Settings\ALICE PETIT\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\ALICE PETIT\real.txt
C:\Documents and Settings\ARYELLE\Application Data\ASEMBL~1
C:\Documents and Settings\ARYELLE\Application Data\ASEMBL~1\a?sembly\
C:\Documents and Settings\ARYELLE\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\ARYELLE\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\ARYELLE\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\ARYELLE\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\ARYELLE\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\ARYELLE\Mes documents\CROSOF~1
C:\Documents and Settings\JEAN-LUC\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\CPV
C:\Program Files\Eroca
C:\Program Files\Eroca\Eroca.exe
C:\Program Files\outerinfo
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\WINDOWS\system32\% ^ ^^^ % % ^% .exe
C:\WINDOWS\system32\_000006_.tmp.dll
c:\windows\system32\Drivers\Bmu54.sys
C:\WINDOWS\system32\real.txt
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BMU54
-------\Service_Bmu54

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 ))))))))))))))))))))))))))))))))))))
.

2008-10-27 11:45 . 2008-10-27 11:44 20,629,877 --a------ C:\WINDOWS\LPT$VPN.621
2008-10-27 11:44 . 2008-10-27 11:44 20,629,877 --a------ C:\WINDOWS\VPTNFILE.621
2008-10-27 11:42 . 2008-10-27 11:44 <REP> d-------- C:\WINDOWS\AU_Temp
2008-10-27 09:36 . 2008-10-27 09:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 21:10 . 2008-10-26 21:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-26 20:51 . 2008-10-26 20:51 16,384 --a------ C:\ARK17.tmp
2008-10-26 20:51 . 2008-10-27 11:16 12,288 --a------ C:\ARK16.tmp
2008-10-26 19:01 . 2008-10-26 20:10 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-26 18:36 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-26 18:36 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-26 18:31 . 2008-10-26 18:31 <REP> d-------- C:\Program Files\Avira
2008-10-26 18:31 . 2008-10-26 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 18:24 . 2008-05-01 15:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-26 18:22 . 2008-10-15 17:59 332,800 --a------ C:\WINDOWS\system32\SETE.tmp
2008-10-12 18:11 . 2008-10-12 18:11 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Desperate Housewives
2008-10-12 18:11 . 2008-10-12 18:11 <REP> d-------- C:\Documents and Settings\JEAN-LUC\Application Data\Desperate Housewives
2008-10-12 18:11 . 2008-10-12 18:11 <REP> d-------- C:\Documents and Settings\ARYELLE\Application Data\Desperate Housewives
2008-10-12 18:11 . 2008-10-12 18:21 <REP> d----c--- C:\Documents and Settings\ALICE PETIT\Application Data\Desperate Housewives
2008-10-05 17:20 . 2008-10-05 17:27 <REP> d--h-c--- C:\LG3G
2008-10-05 17:20 . 2008-10-05 17:20 <REP> d----c--- C:\Documents and Settings\ALICE PETIT\Application Data\LG Electronics
2008-10-05 17:15 . 2008-10-05 17:15 <REP> d-------- C:\Program Files\LG Electronics
2008-10-05 17:15 . 2007-07-11 09:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-10-05 17:15 . 2007-07-11 14:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-10-05 17:15 . 2007-07-11 09:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-10-05 17:14 . 2008-10-26 16:17 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-10-03 18:12 . 2008-10-03 18:12 6,066,176 --------- C:\WINDOWS\system32\SET2F1.tmp
2008-10-03 18:12 . 2008-10-03 18:12 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-29 18:40 . 2008-09-29 18:40 <REP> d----c--- C:\Documents and Settings\ALICE PETIT\Application Data\InterVideo
2008-09-28 17:38 . 2008-09-28 17:38 <REP> d----c--- C:\hegames
2008-09-28 17:38 . 2008-09-28 18:40 339 --a------ C:\WINDOWS\hegames.ini
2008-09-28 17:38 . 2008-09-28 17:38 4 --a--c--- C:\timestmp.tmp
2008-09-28 12:03 . 2008-09-28 12:03 0 --a------ C:\WINDOWS\bbcauto.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 10:44 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-10-27 10:44 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-10-27 10:44 348,229 ----a-w C:\WINDOWS\tsc.exe
2008-10-27 10:44 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-10-26 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 14:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-17 14:42 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-09-17 14:42 --------- d-----w C:\Program Files\Microsoft Works
2008-09-17 14:42 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-17 14:41 --------- d-----w C:\Program Files\Avanquest update
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-11-24 13:17 25,600 -c--a-w C:\Documents and Settings\ALICE PETIT\usbsermptxp.sys
2007-11-24 13:17 22,768 -c--a-w C:\Documents and Settings\ALICE PETIT\usbsermpt.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"HerculesCamService"="C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2006-10-13 106496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\veL66.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winiq86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqb10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"C:\\Program Files\\devolo\\informer\\devinf.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Hercules\\Hercules DualPix HD Webcam\\Station2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\plcndis5.sys [2004-05-17 17280]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
S0 veL66;veL66;C:\WINDOWS\system32\Drivers\veL66.sys [ ]
S0 Winel17;Winel17;C:\WINDOWS\system32\Drivers\Winel17.sys [ ]
S0 Winiq86;Winiq86;C:\WINDOWS\system32\Drivers\Winiq86.sys [ ]
S0 Winqb10;Winqb10;C:\WINDOWS\system32\Drivers\Winqb10.sys [ ]
S3 A_USBETHMP;USB PowerPacket Network Adapter;C:\WINDOWS\system32\Drivers\usbethmp.sys [2004-11-22 14342]
S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-09-27 274816]
S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-10-03 22656]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7081eac9-fd75-11db-816c-0014a577e11d}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-27 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://fr.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a9c9acc12f7a4d5b8b7718d47e4222ae
O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a9c9acc12f7a4d5b8b7718d47e4222ae

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:59:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?1?6?7??P???? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

C:\Documents and Settings\ALICE PETIT\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-27 19:05:23 - La machine a redémarré [ALICE PETIT]
ComboFix-quarantined-files.txt 2008-10-27 18:05:18

Avant-CF: 9,644,269,568 octets libres
Après-CF: 9,633,886,208 octets libres

200 --- E O F --- 2008-10-26 20:18:51

And HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:21, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a9c9acc12f7a4d5b8b7718d47e4222ae
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a9c9acc12f7a4d5b8b7718d47e4222ae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:59:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?1?6?7??P???? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

C:\Documents and Settings\ALICE PETIT\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-27 19:05:23 - La machine a redémarré [ALICE PETIT]
ComboFix-quarantined-files.txt 2008-10-27 18:05:18

Avant-CF: 9,644,269,568 octets libres
Après-CF: 9,633,886,208 octets libres

200 --- E O F --- 2008-10-26 20:18:51

And HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:21, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a9c9acc12f7a4d5b8b7718d47e4222ae
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a9c9acc12f7a4d5b8b7718d47e4222ae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0
Anonymous user
 
-Download OTMoveIt by OldTimer.

-Save it to your Desktop.

-Double-click OTMoveIt.exe to launch it.

-Copy the paths of the following files by selecting ALL of them and pressing CTRL+C (or, after selecting them, right-click and choose Copy):

C:\ARK17.tmp
C:\ARK16.tmp
C:\WINDOWS\system32\SETE.tmp
C:\WINDOWS\system32\SET2F1.tmp


-Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.

-Click the red Moveit! button.

-Close OTMoveIt.

Note: If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the process. If so, choose Yes.

Post the OTMoveIt report, available here: C:\_OTMoveIt\MovedFiles

0

tokina
 
Hello,

Here is the OTMoveIt report:

File move failed. C:\ARK17.tmp scheduled to be moved on reboot.
C:\ARK16.tmp moved successfully.
C:\WINDOWS\system32\SETE.tmp moved successfully.
C:\WINDOWS\system32\SET2F1.tmp moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10272008_194645

Files moved on Reboot...
File C:\ARK17.tmp not found!
0
Anonymous user
 
Post a HijackThis log, please
0
tokina
 
Hi again,

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:52, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a9c9acc12f7a4d5b8b7718d47e4222ae
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a9c9acc12f7a4d5b8b7718d47e4222ae
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0
Anonymous user
 
It looks good to me; how about on your side?
0
tokina
 
I confirm, everything seems OK.

I'll run another check with AntiVir tonight.
Thanks for your help
0
Anonymous user
 
OK,

If all goes well, tomorrow we'll finish with a cleanup using CCleaner and a tool to remove the fix tools I had you download during this disinfection!
0