Computer problem

Ultima Ryder -  
VIRUS_KILLER Posts 2075 Status Contributor -
Hello everyone,

(I wasn't sure which section to put my post in.)

Let me explain my problem:
When I play:
- Call of Duty 4
- Unreal Tournament 3
- Guild Wars
my computer freezes; most often it ends with a black screen + "No signal".

These 3 games use between 30 and 60% of the processor according to Task Manager...

My brother tells me it's a Trojan horse; after some research on the internet, I found: an overheating problem and/or a driver problem (I don't want to rule out the possibility that it's a virus).

I would like someone to shed some light on the source of my problem.
If you need any information or a scan, let me know :)
Configuration: Windows XP
Internet Explorer 6.0

12 replies

  1. Ultima Ryder
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:14:43, on 30/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DNA\btdna.exe
    C:\Documents and Settings\edouard\Application Data\tmobd.exe
    C:\Program Files\Macro Express3\MacExp.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Documents and Settings\edouard\Application Data\tmobd.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [sysconf32] C:\WINDOWS\metin2-trainer.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [FOR RECT] C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [tmobd] C:\Documents and Settings\edouard\Application Data\tmobd.exe
    O4 - HKCU\..\Run: [ssf] C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O24 - Desktop Component 0: (no name) - http://img.bestofmedia.com/static/commun/js/framework/framework-3.js
  2. Ultima Ryder
     
    ComboFix 08-10-30.04 - edouard 2008-10-30 14:15:12.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1559 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\edouard\Bureau\ComboFix.exe

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\edouard\Application Data\hd2.exe
    C:\Documents and Settings\edouard\Application Data\MSVCR71.dll
    C:\Documents and Settings\edouard\Application Data\python25.dll
    C:\Documents and Settings\edouard\Application Data\w9xpopen.exe
    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\jiirxkto.ini
    C:\WINDOWS\system32\lkscrsjj.ini
    C:\WINDOWS\system32\loaeclde.ini
    C:\WINDOWS\system32\lovavped.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mkaoktgv.exe
    C:\WINDOWS\system32\ndneoxea.dll.VIR
    C:\WINDOWS\system32\s8Ok711M.exe.a_a
    C:\WINDOWS\system32\srxoufbo.ini
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssservers.dat
    C:\WINDOWS\system32\urkxqoap.ini
    C:\WINDOWS\system32\xlowxoiy.exe
    C:\WINDOWS\system32\xtywaomd.ini
    C:\WINDOWS\system32\ymtejmid.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-30 14:18 . 2008-10-30 14:18 0 --------- C:\Documents and Settings\edouard\Application Data\hd2.exe
    2008-10-29 23:39 . 2008-10-30 00:03 <REP> d-------- C:\Program Files\Super macro
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Macro Express3
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Fichiers communs\Insight Software Solutions
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
    2008-10-29 12:37 . 2008-10-29 12:09 1,474,920 --a------ C:\Documents and Settings\edouard\Application Data\library.zip
    2008-10-29 12:37 . 2008-10-29 12:09 16,896 --a------ C:\Documents and Settings\edouard\Application Data\httpddos.exe
    2008-10-28 23:00 . 2008-10-28 23:00 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-10-28 15:49 . 2008-10-28 15:49 <REP> d-------- C:\Documents and Settings\edouard\Application Data\finalssf
    2008-10-28 14:58 . 2008-10-28 14:58 1,847,106 --a------ C:\Documents and Settings\edouard\Application Data\killer.exe
    2008-10-28 14:58 . 2008-10-28 14:58 45,672 --a------ C:\Documents and Settings\edouard\Application Data\uptime.exe
    2008-10-28 14:56 . 2008-10-28 14:58 2,827,492 --a------ C:\Documents and Settings\edouard\Application Data\finalssf.exe
    2008-10-28 14:56 . 2008-10-28 14:56 2,438,299 --a------ C:\Documents and Settings\edouard\Application Data\tmobd.exe
    2008-10-28 13:29 . 2008-10-28 13:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-10-25 17:50 . 2008-10-27 18:23 <REP> d-------- C:\Fraps
    2008-10-24 21:31 . 2008-10-29 11:46 <REP> d-------- C:\Program Files\Bodom-Child - RaBBi
    2008-10-24 19:35 . 2008-10-24 19:35 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Blender Foundation
    2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\WIN.INI
    2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\SYSTEM.INI
    2008-10-24 19:25 . 2008-10-24 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-10-23 17:50 . 2008-10-23 17:50 <REP> d-------- C:\Program Files\RPG Maker VX
    2008-10-19 08:48 . 2008-10-19 08:48 <REP> d-------- C:\Program Files\Common Files
    2008-10-19 08:48 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-10-19 08:48 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Program Files\DNA
    2008-10-18 17:41 . 2008-10-30 14:17 <REP> d-------- C:\Documents and Settings\edouard\Application Data\DNA
    2008-10-15 13:47 . 2008-10-15 13:47 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Wings3D
    2008-10-13 17:21 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Creative
    2008-10-13 17:18 . 2008-10-13 17:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-10-13 17:18 . 2008-10-13 17:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-10-13 17:04 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
    2008-10-13 17:03 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2008-10-13 17:00 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2008-10-13 17:00 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2008-10-10 15:23 . 2008-10-10 15:23 <REP> d-------- C:\Program Files\Team Phobic
    2008-10-05 19:49 . 2008-10-05 19:49 <REP> d-------- C:\Program Files\Inno Setup 5
    2008-10-05 11:08 . 2008-10-27 09:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-10-03 00:46 . 2008-10-03 00:46 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
    2008-10-02 19:28 . 2008-10-02 19:20 17,146,244 --a------ C:\WINDOWS\Language.dsres
    2008-10-02 19:06 . 2002-01-10 19:39 102,400 --a------ C:\WINDOWS\Language.dll
    2008-10-02 17:53 . 2008-10-02 17:53 <REP> d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
    2008-10-01 16:08 . 2008-10-01 16:44 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
    2008-10-01 16:08 . 2008-10-01 16:44 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
    2008-10-01 16:08 . 2008-10-01 16:44 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
    2008-10-01 14:20 . 2008-10-13 17:16 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-10-01 14:19 . 2008-10-12 17:22 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-09-28 08:45 . 2008-09-28 08:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\SPORE
    2008-09-28 08:43 . 2008-09-28 08:43 <REP> d-------- C:\ProgramData
    2008-09-28 08:43 . 2008-09-28 08:43 <REP> dr-h----- C:\Documents and Settings\edouard\Application Data\SecuROM
    2008-09-28 08:43 . 2008-09-28 08:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-09-28 08:42 . 2008-09-28 08:42 1,686 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-09-28 08:38 . 2008-09-28 08:43 <REP> d-------- C:\Program Files\Electronic Arts
    2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-26 20:23 . 2008-09-26 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-26 20:22 . 2008-09-26 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-26 17:35 . 2008-10-02 17:53 <REP> d-------- C:\Program Files\Microsoft Games
    2008-09-26 17:31 . 2008-09-26 17:31 <REP> d-------- C:\Program Files\MagicDisc
    2008-09-26 17:31 . 2008-07-28 16:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
    2008-09-26 17:14 . 2008-09-26 17:14 <REP> d-------- C:\Program Files\MagicISO
    2008-09-24 15:46 . 2008-09-24 15:46 <REP> d-------- C:\Program Files\Lost Universe Games
    2008-09-16 19:15 . 2008-09-16 19:15 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-09-16 19:13 . 2008-09-16 19:13 <REP> d-------- C:\Program Files\Microsoft SDKs
    2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-09-16 19:11 . 2008-09-16 19:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-09-16 18:16 . 2008-09-16 19:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\codeblocks
    2008-09-16 16:53 . 2008-09-16 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-09-16 16:51 . 2008-09-16 16:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-09-16 16:48 . 2008-09-16 16:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-09-16 16:48 . 2008-09-16 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-09-12 15:21 . 2008-09-12 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-12 15:18 . 2008-10-28 21:18 <REP> d-------- C:\Program Files\gPotato.eu
    2008-09-12 15:18 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
    2008-09-05 20:31 . 2008-09-05 20:31 754 --a------ C:\WINDOWS\WORDPAD.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-29 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-29 10:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\about download
    2008-10-29 10:03 --------- d-----w C:\Documents and Settings\edouard\Application Data\about download
    2008-10-28 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-28 20:22 --------- d-----w C:\Program Files\GIMP-2.0
    2008-10-28 20:20 --------- d-----w C:\Program Files\Creative
    2008-10-27 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 08:05 --------- d-----w C:\Documents and Settings\edouard\Application Data\gtk-2.0
    2008-09-27 06:30 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-09-26 19:29 --------- d-----w C:\Program Files\Windows Live
    2008-09-26 19:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-26 19:21 --------- d-----w C:\Program Files\MSN Messengerdddddd
    2008-09-12 14:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
    2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
    2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
    2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
    2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
    2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
    2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
    2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
    2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
    2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
    2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
    2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
    2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
    2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
    2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
    2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
    2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
    2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
    2008-03-16 10:53 22,328 ----a-w C:\Documents and Settings\edouard\Application Data\PnkBstrK.sys
    2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-18 289088]
    "tmobd"="C:\Documents and Settings\edouard\Application Data\tmobd.exe" [2008-10-28 2438299]
    "ssf"="C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe" [2008-10-12 19968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
    "CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
    "Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
    "P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

    C:\Documents and Settings\edouard\Menu Démarrer\Programmes\Démarrage\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe [2008-10-29 3556864]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode 1 joueur\\age2_x1\\age2_x1.exe"=
    "D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
    "C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode Multijoueur\\age2_x1.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
    - c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []

    2008-09-29 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-27 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-29 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-07-01 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-07-01 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
    HKCU-Run-FOR RECT - C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
    HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
    R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
    O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-30 14:19:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-30 14:21:42 - La machine a redémarré [edouard]
    ComboFix-quarantined-files.txt 2008-10-30 13:21:39

    Avant-CF: 15,946,661,888 octets libres
    Après-CF: 17,689,841,664 octets libres

    320 --- E O F --- 2008-05-14 18:53:33
    0
  5. Ultima Ryder
     
    ComboFix 08-10-30.04 - edouard 2008-10-30 14:15:12.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1559 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\edouard\Bureau\ComboFix.exe

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\edouard\Application Data\hd2.exe
    C:\Documents and Settings\edouard\Application Data\MSVCR71.dll
    C:\Documents and Settings\edouard\Application Data\python25.dll
    C:\Documents and Settings\edouard\Application Data\w9xpopen.exe
    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\jiirxkto.ini
    C:\WINDOWS\system32\lkscrsjj.ini
    C:\WINDOWS\system32\loaeclde.ini
    C:\WINDOWS\system32\lovavped.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mkaoktgv.exe
    C:\WINDOWS\system32\ndneoxea.dll.VIR
    C:\WINDOWS\system32\s8Ok711M.exe.a_a
    C:\WINDOWS\system32\srxoufbo.ini
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssservers.dat
    C:\WINDOWS\system32\urkxqoap.ini
    C:\WINDOWS\system32\xlowxoiy.exe
    C:\WINDOWS\system32\xtywaomd.ini
    C:\WINDOWS\system32\ymtejmid.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-30 14:18 . 2008-10-30 14:18 0 --------- C:\Documents and Settings\edouard\Application Data\hd2.exe
    2008-10-29 23:39 . 2008-10-30 00:03 <REP> d-------- C:\Program Files\Super macro
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Macro Express3
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Fichiers communs\Insight Software Solutions
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
    2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
    2008-10-29 12:37 . 2008-10-29 12:09 1,474,920 --a------ C:\Documents and Settings\edouard\Application Data\library.zip
    2008-10-29 12:37 . 2008-10-29 12:09 16,896 --a------ C:\Documents and Settings\edouard\Application Data\httpddos.exe
    2008-10-28 23:00 . 2008-10-28 23:00 4,096 --a------ C:\WINDOWS\d3dx.dat
    2008-10-28 15:49 . 2008-10-28 15:49 <REP> d-------- C:\Documents and Settings\edouard\Application Data\finalssf
    2008-10-28 14:58 . 2008-10-28 14:58 1,847,106 --a------ C:\Documents and Settings\edouard\Application Data\killer.exe
    2008-10-28 14:58 . 2008-10-28 14:58 45,672 --a------ C:\Documents and Settings\edouard\Application Data\uptime.exe
    2008-10-28 14:56 . 2008-10-28 14:58 2,827,492 --a------ C:\Documents and Settings\edouard\Application Data\finalssf.exe
    2008-10-28 14:56 . 2008-10-28 14:56 2,438,299 --a------ C:\Documents and Settings\edouard\Application Data\tmobd.exe
    2008-10-28 13:29 . 2008-10-28 13:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-10-25 17:50 . 2008-10-27 18:23 <REP> d-------- C:\Fraps
    2008-10-24 21:31 . 2008-10-29 11:46 <REP> d-------- C:\Program Files\Bodom-Child - RaBBi
    2008-10-24 19:35 . 2008-10-24 19:35 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Blender Foundation
    2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\WIN.INI
    2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\SYSTEM.INI
    2008-10-24 19:25 . 2008-10-24 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-10-23 17:50 . 2008-10-23 17:50 <REP> d-------- C:\Program Files\RPG Maker VX
    2008-10-19 08:48 . 2008-10-19 08:48 <REP> d-------- C:\Program Files\Common Files
    2008-10-19 08:48 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-10-19 08:48 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Program Files\DNA
    2008-10-18 17:41 . 2008-10-30 14:17 <REP> d-------- C:\Documents and Settings\edouard\Application Data\DNA
    2008-10-15 13:47 . 2008-10-15 13:47 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Wings3D
    2008-10-13 17:21 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Creative
    2008-10-13 17:18 . 2008-10-13 17:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-10-13 17:18 . 2008-10-13 17:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-10-13 17:04 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
    2008-10-13 17:03 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2008-10-13 17:00 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2008-10-13 17:00 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2008-10-10 15:23 . 2008-10-10 15:23 <REP> d-------- C:\Program Files\Team Phobic
    2008-10-05 19:49 . 2008-10-05 19:49 <REP> d-------- C:\Program Files\Inno Setup 5
    2008-10-05 11:08 . 2008-10-27 09:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-10-03 00:46 . 2008-10-03 00:46 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
    2008-10-02 19:28 . 2008-10-02 19:20 17,146,244 --a------ C:\WINDOWS\Language.dsres
    2008-10-02 19:06 . 2002-01-10 19:39 102,400 --a------ C:\WINDOWS\Language.dll
    2008-10-02 17:53 . 2008-10-02 17:53 <REP> d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
    2008-10-01 16:08 . 2008-10-01 16:44 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
    2008-10-01 16:08 . 2008-10-01 16:44 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
    2008-10-01 16:08 . 2008-10-01 16:44 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
    2008-10-01 14:20 . 2008-10-13 17:16 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-10-01 14:19 . 2008-10-12 17:22 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-09-28 08:45 . 2008-09-28 08:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\SPORE
    2008-09-28 08:43 . 2008-09-28 08:43 <REP> d-------- C:\ProgramData
    2008-09-28 08:43 . 2008-09-28 08:43 <REP> dr-h----- C:\Documents and Settings\edouard\Application Data\SecuROM
    2008-09-28 08:43 . 2008-09-28 08:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-09-28 08:42 . 2008-09-28 08:42 1,686 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-09-28 08:38 . 2008-09-28 08:43 <REP> d-------- C:\Program Files\Electronic Arts
    2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-26 20:23 . 2008-09-26 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-26 20:22 . 2008-09-26 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-26 17:35 . 2008-10-02 17:53 <REP> d-------- C:\Program Files\Microsoft Games
    2008-09-26 17:31 . 2008-09-26 17:31 <REP> d-------- C:\Program Files\MagicDisc
    2008-09-26 17:31 . 2008-07-28 16:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
    2008-09-26 17:14 . 2008-09-26 17:14 <REP> d-------- C:\Program Files\MagicISO
    2008-09-24 15:46 . 2008-09-24 15:46 <REP> d-------- C:\Program Files\Lost Universe Games
    2008-09-16 19:15 . 2008-09-16 19:15 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
    2008-09-16 19:13 . 2008-09-16 19:13 <REP> d-------- C:\Program Files\Microsoft SDKs
    2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-09-16 19:11 . 2008-09-16 19:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-09-16 18:16 . 2008-09-16 19:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\codeblocks
    2008-09-16 16:53 . 2008-09-16 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-09-16 16:51 . 2008-09-16 16:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-09-16 16:48 . 2008-09-16 16:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-09-16 16:48 . 2008-09-16 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-09-12 15:21 . 2008-09-12 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-12 15:18 . 2008-10-28 21:18 <REP> d-------- C:\Program Files\gPotato.eu
    2008-09-12 15:18 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
    2008-09-05 20:31 . 2008-09-05 20:31 754 --a------ C:\WINDOWS\WORDPAD.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-29 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-29 10:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\about download
    2008-10-29 10:03 --------- d-----w C:\Documents and Settings\edouard\Application Data\about download
    2008-10-28 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-28 20:22 --------- d-----w C:\Program Files\GIMP-2.0
    2008-10-28 20:20 --------- d-----w C:\Program Files\Creative
    2008-10-27 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 08:05 --------- d-----w C:\Documents and Settings\edouard\Application Data\gtk-2.0
    2008-09-27 06:30 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-09-26 19:29 --------- d-----w C:\Program Files\Windows Live
    2008-09-26 19:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-26 19:21 --------- d-----w C:\Program Files\MSN Messengerdddddd
    2008-09-12 14:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
    2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
    2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
    2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
    2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
    2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
    2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
    2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
    2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
    2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
    2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
    2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
    2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
    2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
    2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
    2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
    2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
    2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
    2008-03-16 10:53 22,328 ----a-w C:\Documents and Settings\edouard\Application Data\PnkBstrK.sys
    2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-18 289088]
    "tmobd"="C:\Documents and Settings\edouard\Application Data\tmobd.exe" [2008-10-28 2438299]
    "ssf"="C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe" [2008-10-12 19968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
    "CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
    "Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
    "P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

    C:\Documents and Settings\edouard\Menu Démarrer\Programmes\Démarrage\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe [2008-10-29 3556864]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode 1 joueur\\age2_x1\\age2_x1.exe"=
    "D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
    "D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
    "C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode Multijoueur\\age2_x1.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
    - c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []

    2008-09-29 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-27 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-29 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-07-01 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-07-01 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
    HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
    HKCU-Run-FOR RECT - C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
    HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
    R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
    O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-30 14:19:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-30 14:21:42 - La machine a redémarré [edouard]
    ComboFix-quarantined-files.txt 2008-10-30 13:21:39

    Avant-CF: 15,946,661,888 octets libres
    Après-CF: 17,689,841,664 octets libres

    320 --- E O F --- 2008-05-14 18:53:33
  6. Ultima Ryder
     
    Sorry for the triple post (quadruple now oO).
    I had GW running (to see whether the deleted items had already changed anything).
    Since this account is anonymous, I can't find how to delete my post.

    PS: as I expected, nothing new for now. I'm looking forward to your next message ;)
  7. VIRUS_KILLER Posts 2075 Status Contributor 68
     
    Don't worry about the double posts; if a moderator comes by, they will delete them.

    Now download Malwarebytes' Anti-Malware from this link:

    https://www.malwarebytes.com/

    Follow the guide if needed:

    http://www.vista-xp.fr/forum/topic68.html

    At the end of the scan a report will open; copy and paste it for me.

    Don't forget to post a HijackThis report after the full Malwarebytes' Anti-Malware scan.

    How is your PC behaving now?

    What happens when you play?
  8. Ultima Ryder
     
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1028
    Windows 5.1.2600 Service Pack 2

    16:25:21 30/10/2008
    mbam-log-10-30-2008 (16-25-21).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 102045
    Temps écoulé: 22 minute(s), 47 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    The HJT log will come later.

    PS: I believe more and more that this is due to the graphics card overheating...
    _ computer crash with the message "Overclocking is failed" (rarely)
    _ ATITool error report when I play (rarely)
    Most often it is "no signal" + a black screen.
    1. VIRUS_KILLER Posts 2075 Status Contributor 68
       
      Seen.
      Now attach a HijackThis report for me, to check that everything is fine...
  9. depassage
     
    Hello, there is still plenty of junk left on your PC

    2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
    2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
    2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
    2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
    2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
    2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
    2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
    2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
    2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
    2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
    2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
    2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
    2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
    2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
    2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
    2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
    2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
    2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll

    2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
    - c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []

    2008-09-29 C:\WINDOWS\Tasks\At1.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-27 C:\WINDOWS\Tasks\At10.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At11.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At12.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At13.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At14.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-30 C:\WINDOWS\Tasks\At15.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At16.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At17.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At18.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At19.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-29 C:\WINDOWS\Tasks\At2.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At20.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At21.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At22.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At23.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-10-29 C:\WINDOWS\Tasks\At24.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At3.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At4.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At5.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At6.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-09-30 C:\WINDOWS\Tasks\At7.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-07-01 C:\WINDOWS\Tasks\At8.job
    - C:\WINDOWS\system32\s8Ok711M.exe []

    2008-07-01 C:\WINDOWS\Tasks\At9.job
    - C:\WINDOWS\system32\s8Ok711M.exe []
  10. Ultima Ryder
     
    For the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:08:35, on 30/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
    C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DNA\btdna.exe
    C:\Documents and Settings\edouard\Application Data\tmobd.exe
    C:\Documents and Settings\edouard\Application Data\tmobd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\edouard\Application Data\hd\httpddos.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [tmobd] C:\Documents and Settings\edouard\Application Data\tmobd.exe
    O4 - HKCU\..\Run: [ssf] C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O24 - Desktop Component 0: (no name) - http://img.bestofmedia.com/static/commun/js/framework/framework-3.js
  11. VIRUS_KILLER Posts 2075 Status Contributor 68
     
    There are still infections left!

    Now download SDFix:

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Follow the guide here:

    http://site-naheulbeuk.com/

    And post an SDFix report.

    I also see that your browser version is not up to date.

    Get version 7 of Internet Explorer:

    http://download.microsoft.com/download/d/7/6/d7635233-5433-45aa-981b-4690ae90b785/IE7-WindowsXP-x86-fra.exe

    Open HijackThis > check these lines:

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)

    Then click: Fix checked.
