Windows Installer revient toujours

Salut Lyonnais, voilà les résults (par contre j'ai pas eu de boite de message ni de demande de transfert...)

ComboFix 08-11-11.01 - AdrienM 2008-11-12 23:27:42.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.180 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\AdrienM\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICFLATUQ


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 14:33 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:32 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 22:19 . 2008-11-11 22:19 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-11-11 19:58 . 2008-11-12 18:11 1,393 --a------ c:\windows\imsins.BAK
2008-11-09 12:15 . 2008-11-09 12:15 <REP> d-------- C:\_OTMoveIt
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 23:34:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Tools\PC\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msdtc.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\Tools\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 23:42:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 22:42:12
ComboFix2.txt 2008-11-12 22:20:21
ComboFix3.txt 2008-11-12 13:27:20
ComboFix4.txt 2008-11-11 11:05:34
ComboFix5.txt 2008-11-12 22:26:33

Avant-CF: 6.121.971.712 octets libres
Après-CF: 6,107,324,416 octets libres

140 --- E O F --- 2008-11-12 17:14:35




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:03, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\tools\pc\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tools\PC\Eraser\eraser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Tools\SpywareGuard\dlprotect.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Tools\PC\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1199796537046
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100562683359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\tools\pc\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

j'ai fait ce qui était marqué
je n'ai plus de session sous windows
j'ai le bureau qui s'allume mais je n'ai plus de barre de contrôle en bas
si je vais dans gestionnaire des taches il n'y a aucun utilisateur actif
je n'ai plus internet, ni accès, ni réseau (j'écris à partir d'une autre station)
y a pas moyen de restaurer (quand j'essaie ca marque "restaurer ne protégé pas le pc, abandonner)
tout cela en mode protégé ou pas

on dirait que tout le système a été réinitialisé et remis à zéro mais sans possibilité de faire des restaurations
par contre l'erreur windows installer revient encore toujours en permanence
au secours comment faire pour récupérer mon pc ou revenir au dernier point restauration (s'il existe toujours)
merci pietro
ps avez vous toujours besoin des 2 rapports

voilà les rapports (pas facile, même la fonction copier coller ne fonctionne plus!)

ComboFix 08-11-09.01 - AdrienM 2008-11-10 13:09:52.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.146 [GMT 1:00]
LancÈ depuis: c:\program files\Tools\PC\ComboFix.exe
Commutateurs utilisÈs :: c:\documents and settings\AdrienM\Bureau\CFScript.txt
* Un nouveau point de restauration a ÈtÈ crÈÈ

FILE ::
c:\windows\system32\avifilem.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.dat
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.msi
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.par
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.res
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\instance.dat
c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\mia.lib
c:\program files\Navilog1
c:\program files\Navilog1\catchme.exe
c:\program files\Navilog1\Contents\Filess.bat
c:\program files\Navilog1\Contents\Folders.bat
c:\program files\Navilog1\Contents\Folderss.bat
c:\program files\Navilog1\Contents\Gnc2.bat
c:\program files\Navilog1\Contents\Gnc2su.bat
c:\program files\Navilog1\Contents\Gncs.bat
c:\program files\Navilog1\Contents\Gncssfil.bat
c:\program files\Navilog1\Contents\Heurs.bat
c:\program files\Navilog1\Contents\Heurss.bat
c:\program files\Navilog1\Contents\Orphus.bat
c:\program files\Navilog1\Contents\Wlist.bat
c:\program files\Navilog1\GetPaths.exe
c:\program files\Navilog1\gnc.exe
c:\program files\Navilog1\navilog1.bat
c:\program files\Navilog1\Navreb.bat
c:\program files\Navilog1\oem2ansi.exe
c:\program files\Navilog1\Process.exe
c:\program files\Navilog1\recherok.txt
c:\program files\Navilog1\reg.exe
c:\program files\Navilog1\regnavi.reg
c:\program files\Navilog1\Report\catchmeF.log
c:\program files\Navilog1\Report\catchmeP.log
c:\program files\Navilog1\traite.bat
c:\program files\Navilog1\traite2.bat
c:\program files\Navilog1\traite3.bat
c:\program files\Navilog1\unins000.dat
c:\program files\Navilog1\unins000.exe
c:\windows\system32\avifilem.dll . . . . impossible ‡ supprimer

.
((((((((((((((((((((((((((((( Fichiers crÈÈs du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 12:15 . 2008-11-09 12:15 <REP> d-------- C:\_OTMoveIt
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
.

------- Sigcheck -------

2004-08-05 13:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2005-03-02 19:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 16:50 579072 4d88aaf39adabfe45958ea1384e2c4ff c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-05 13:00 578048 e46fb493e3b33704f0715020cf52106b c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 19:10 578048 0df75fb73f705b011630159a43d7c354 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 03:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 03:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2004-08-05 13:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2004-09-29 19:47 660992 61cdcab341ade3482101da90fcc793ac c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
2005-05-02 21:58 663040 0996b57cc2abcb271872296e98a18db2 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
2005-03-10 08:48 662016 06ad0b0f43286cd50af283762eb56763 c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-09-03 01:08 664576 031ca1310e4cb23e5a4f747d763d0b49 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-07-03 03:10 663552 39846b1ac2b99349272ee6e075c3b8af c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
2005-10-21 04:39 665600 d327378ceef9a141c7352691fc30a0da c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 05:00 667648 241dbc4c2714b2f39afded49459ed420 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 06:26 667648 44fcc339191adb8892520dfa473c455f c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 12:25 668672 582953780721ac5d38f98cab229ec7b9 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 09:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
2007-03-23 10:29 823296 375b58a68a016546535a84060092325c c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
2007-04-25 09:26 823808 47ddad237f60729dea2b9e0e2382b58f c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 15:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 10:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 06:59 670208 0465cde31add22f6233ffb4fe4af01cf c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 00:22 825344 871ae10d6ae8877e9636ae5017953d52 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 10:32 670208 dcb8a9f102663d962be60cde38a6c1d7 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 07:57 670720 f2f343d7ed0223645ba773b840eb4993 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 07:43 670208 7af7d7d178f2863e7e7c880b55c88b76 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 07:30 670720 82b3264706b9921c67b196319fda51de c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 17:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 16:10 670208 d2177655bc338a07b99913f6a4bed52d c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 15:56 670720 4e00327da458beffea8f4b222f466b20 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-08-20 06:07 670720 96d50aca60da22adbd253f2825c98d1a c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
2008-06-23 16:40 663552 95d92788889b847309c63e2ec287d1c0 c:\windows\$NtServicePackUninstall$\wininet.dll
2006-09-14 09:40 663040 b1e994472f3574db141266f1aa905433 c:\windows\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:13 663552 d2fd027e5d3af96dee6c5cc225079df0 c:\windows\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:07 663552 c5a40de381481d288addee45fc67f652 c:\windows\$NtUninstallKB947864$\wininet.dll
2008-04-14 03:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\$NtUninstallKB950759$\wininet.dll
2008-02-16 10:02 663552 c9218cd3cd93586ffe9ae789282cae63 c:\windows\$NtUninstallKB950759_0$\wininet.dll
2008-04-21 07:43 670208 7af7d7d178f2863e7e7c880b55c88b76 c:\windows\$NtUninstallKB953838$\wininet.dll
2008-04-21 08:02 663552 355a69cc05045428ce6b9e6bfbd4b74b c:\windows\$NtUninstallKB953838_0$\wininet.dll
2008-06-23 16:10 670208 d2177655bc338a07b99913f6a4bed52d c:\windows\$NtUninstallKB956390$\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
2007-02-27 14:26 822784 75de73e328e300caed5965faea2f5d3f c:\windows\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 08:40 822784 2c138ab59e2ffa06e8952ae656e443c5 c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 14:24 823808 2274862267d7445e7010d9af826e89c3 c:\windows\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 10:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a c:\windows\ie7updates\KB942615-IE7\wininet.dll
2008-04-14 03:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ServicePackFiles\i386\wininet.dll
2007-10-11 00:49 824832 bc5119c53bdd48dabc628d448a3bdccb c:\windows\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\wininet.dll
2007-10-11 00:22 825344 871ae10d6ae8877e9636ae5017953d52 c:\windows\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\wininet.dll
2008-08-20 06:10 670208 50d19e569c83a9c1ae7efaef6a93bc50 c:\windows\system32\wininet.dll
2008-08-20 06:10 670208 50d19e569c83a9c1ae7efaef6a93bc50 c:\windows\system32\dllcache\wininet.dll

2005-05-25 20:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-05 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

2004-08-05 13:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2004-08-05 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-05 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2005-03-02 19:13 2059008 5311776074b6c13f983dc75baeac9c0c c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 19:45 2061440 8b039efbe4c9aa23f152ffa0e238b8fa c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 17:08 2061440 7a56a64eb50399613587e90292dd2aab c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 18:26 2068096 755b50949d0dbc0f0136b0db58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2007-02-28 17:02 2017792 11c942f6519575079baa9f14aee35e88 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-05 13:00 2017280 35567c8c50986c2bc5c3efd79cb045e4 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 19:08 2017280 50b3a210b6fa8d3089a36a32e7d8b21f c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 03:07 2025984 92e82482cdb39929cf7b541a9648afae c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-04-14 03:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-08-14 14:23 2025984 f2dec52ed964ad57220b1f5aa32b5c61 c:\windows\system32\ntkrnlpa.exe
2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\system32\dllcache\ntkrnlpa.exe

2005-03-02 19:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 19:45 2184064 1f3fa2065e6e043a1d82a487b5da309c c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 17:08 2184192 8e244108562e0e452eb68dff64cb08a9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 18:26 2191232 d79210549bbf09b7638e860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2007-02-28 17:02 2138112 c7a39c47c064ae50417a944b60f37b6a c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-05 13:00 2150400 36f32a5a83df734e022734d93860a9a4 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 19:07 2137600 e75f7aa5a33479f29c636fd0890f5762 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 03:07 2147328 b10c36956eb7a8b1586dbe3b43875280 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-14 03:08 2191104 099d639da1ef6968d4e41795bb507e6b c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 14:23 2147328 e422f0930804a5d6e697e5d7dbfd9863 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\system32\dllcache\ntoskrnl.exe

2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-05 13:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2004-08-05 13:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2004-08-05 13:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2005-06-11 01:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-05 13:00 57856 b4ef928e4fad79364a80acba6d999934 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 03:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2004-08-05 13:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe

2004-08-05 13:00 297984 7d521b8cf926459e270d18c559323815 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ÈlÈments vides & les ÈlÈments initiaux lÈgitimes ne sont pas listÈs
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]
2004-08-05 13:00 104960 --a------ c:\windows\system32\avifilem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]
"EPSON Stylus DX4400 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]
2004-08-05 13:00 104960 c:\windows\system32\avifilem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 icflatuq;icflatuq;c:\windows\system32\drivers\icflatuq.sys [2004-08-05 23424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown/COLOR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contenu du dossier 'T‚ches planifiÈes'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 13:19:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachÈs ...

Recherche d'ÈlÈments en dÈmarrage automatique cachÈs ...

Recherche de fichiers cachÈs ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Simsô 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminÈ avec succËs
Fichiers cachÈs: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Tools\PC\a-squared Free\a2service.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Tools\SpywareGuard\sgmain.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 13:27:44 - La machine a redÈmarrÈ
ComboFix-quarantined-files.txt 2008-11-10 12:27:39
ComboFix2.txt 2008-11-09 21:10:16
ComboFix3.txt 2008-11-09 11:36:20
ComboFix4.txt 2008-11-09 10:24:23
ComboFix5.txt 2008-11-10 12:08:36

Avant-CF: 5.665.554.432 octets libres
AprËs-CF: 5,645,357,056 octets libres

306 --- E O F --- 2008-10-24 10:31:24


voici hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:50, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\tools\pc\a-squared free\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tools\PC\Eraser\eraser.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fen�tres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Tools\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A15AC531-F8E7-4F95-A633-6DC2EAD9DACF} - c:\windows\system32\avifilem.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Tools\PC\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-21-4072564498-3378850561-2594840957-1006\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b (User '?')
O4 - HKUS\S-1-5-21-4072564498-3378850561-2594840957-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4072564498-3378850561-2594840957-1006\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-4072564498-3378850561-2594840957-1006\..\Run: [Eraser] C:\Program Files\Tools\PC\Eraser\eraser.exe -hide (User '?')
O4 - HKUS\S-1-5-21-4072564498-3378850561-2594840957-1006\..\Run: [EPSON Stylus DX4400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - S-1-5-21-4072564498-3378850561-2594840957-1006 Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe (User '?')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1199796537046
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100562683359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gtrzrltg - C:\WINDOWS\SYSTEM32\avifilem.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\tools\pc\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

Merci El Carrosso, voilà le log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:47, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\tools\pc\a-squared free\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Garmin\gStart.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Tools\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A15AC531-F8E7-4F95-A633-6DC2EAD9DACF} - c:\windows\system32\avifilem.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Tools\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Tools\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1199796537046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Salut El Carrosso, merci pour ta propos.
J'avais déjà fait passer Malwarebytes mais vais ré-essayer en désactivant spybot.
Je te ferai savoir
A+
Pietro

Salut El Carrosso,
Alors voilà j'ai passé MalwareBytes et voici le rapport:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1367
Windows 5.1.2600 Service Pack 3

8/11/2008 19:26:26
mbam-log-2008-11-08 (19-26-26).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 238126
Temps écoulé: 4 hour(s), 1 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a15ac531-f8e7-4f95-a633-6dc2ead9dacf} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gtrzrltg (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a15ac531-f8e7-4f95-a633-6dc2ead9dacf} (Trojan.Vundo.H) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\avifilem.dll (Trojan.Vundo.H) -> Delete on reboot.


J'ai supprimé les fichiers au redémarrage puis j'ai ré-installé HijackThis 2.02. et voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:08, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
c:\program files\tools\pc\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://search.yahoo.com/?fr=altavista
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper -

{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program

Files\Tools\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A15AC531-F8E7-4F95-A633-6DC2EAD9DACF} -

c:\windows\system32\avifilem.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200

Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr

SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU

"C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate]

C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate]

C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default

user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn

ContactFinderControl) -

https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) -

http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebCon

trol.cab?1199796537046
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_

site.cab?1100562683359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe

b_site.cab?1199063279187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gtrzrltg - C:\WINDOWS\SYSTEM32\avifilem.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program

files\tools\pc\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner

- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation

- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program

Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

oki je reviens encore après coup

Pendant ce temps, il semble que je sois arrivé à supprimer la ligne Architecte Studio des programmes à supprimer.
J'ai utilisé RegCleaner et EasyCleaner. Puis j'ai voulu mettre une dernière version de RegCleaner et je ne suis pas arrivé à enlever la vieille version. J'ai utilisé Eraser qui a bloqué le pc et après redémarrage j'ai enfin pu effacer RegClearner. Pffff bon en attendant plus de traces du programme qui s'auto-installe mais les messages continuent d'affluer.

Allez, j'essaie A+

Re-re-salut
Voilà donc la réponse de combofix


ComboFix 08-11-07.01 - AdrienM 2008-11-08 22:07:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.166 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\oeminfo.ini
F:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-08 au 2008-11-08 ))))))))))))))))))))))))))))))))))))
.

2008-11-08 21:18 . 2008-11-08 21:18 <REP> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 13:36 . 2008-11-07 18:56 <REP> d-------- c:\program files\Navilog1
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]
2004-08-05 13:00 104960 --a------ c:\windows\system32\avifilem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]
"EPSON Stylus DX4400 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]
2004-08-05 13:00 104960 c:\windows\system32\avifilem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 icflatuq;icflatuq;c:\windows\system32\drivers\icflatuq.sys [2004-08-05 23424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bblbarfw

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c22626-4827-11dd-998c-00115b6eb397}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BROCHURE_2008.pdf
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\AdrienM\Application Data\Mozilla\Firefox\Profiles\7xnwrgd4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.altavista.com
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 22:36:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Tools\PC\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msdtc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\msiexec.exe
c:\program files\Tools\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2008-11-08 22:44:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-08 21:43:52

Avant-CF: 5.731.659.776 octets libres
Après-CF: 5,744,779,264 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

167 --- E O F --- 2008-10-24 10:31:24

A te lire
bàt

Bonjour et salutations matinales El Carrosso,

Désolé mais je parviens pas à glisser le .txt dans Combofix. Il y a un écran qui s'affiche mais rien se passe.
J'ai copié le txt sur le bureau mais aussi dans mesdocs et dans le répertoire de combofix.

Y a-t-il une procédure ou un lieu bien précis?

En attendant je redémarre Combofix normalement et je vais accepter les changements de registres s'il y a lieu.

Je te tiens au courant.

A+ et merci encore
Pietro

Salut El Carrosso, waaah dis donc aussi matinal que tardif, tjs au poste!

Oui j'ai bien éliminé Spybot mais j'ai aussi SG (spywareguard) en background. Je l'ai désactivé et j'ai refait la manip sans le script que voici que voilà et je relance celle avec le script comme indiqué ci dessu

ComboFix 08-11-07.01 - AdrienM 2008-11-09 11:12:29.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.138 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.

2008-11-08 21:18 . 2008-11-08 21:18 <REP> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 13:36 . 2008-11-07 18:56 <REP> d-------- c:\program files\Navilog1
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_22.43.13.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 09:37:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4d8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]
2004-08-05 13:00 104960 --a------ c:\windows\system32\avifilem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]
"EPSON Stylus DX4400 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]
2004-08-05 13:00 104960 c:\windows\system32\avifilem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 icflatuq;icflatuq;c:\windows\system32\drivers\icflatuq.sys [2004-08-05 23424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bblbarfw

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c22626-4827-11dd-998c-00115b6eb397}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BROCHURE_2008.pdf
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\AdrienM\Application Data\Mozilla\Firefox\Profiles\7xnwrgd4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.altavista.com
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 11:17:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
Heure de fin: 2008-11-09 11:24:21
ComboFix-quarantined-files.txt 2008-11-09 10:24:14
ComboFix2.txt 2008-11-08 21:44:02

Avant-CF: 5,788,950,528 octets libres
Après-CF: 5,772,554,240 octets libres

145 --- E O F --- 2008-10-24 10:31:24

atds
Pietro

Re-salut, tjs le même. Le dessin indique le transfert mais rien se passe.

J'ai bien copié ceci dans CFScript.txt:

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bblbarfw

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c22626-4827-11dd-998c-00115b6eb397}]

files::
c:\windows\system32\avifilem.dll
c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BROCHURE_2008.pdf


et la ligne de commande demande un fichier GIF c'est correct?

où devrais-je placer le fichier?

A toute
pietro

Salut et bon appétit, voilà les résults et j'ai aussi repassé combofix (le classique car celui avec script va tjs po)


========== FILES ==========
LoadLibrary failed for c:\windows\system32\avifilem.dll
c:\windows\system32\avifilem.dll NOT unregistered.
File move failed. c:\windows\system32\avifilem.dll scheduled to be moved on reboot.
File/Folder c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BROCHURE_2008.pdf not found.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11092008_121543

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\avifilem.dll
c:\windows\system32\avifilem.dll NOT unregistered.
File move failed. c:\windows\system32\avifilem.dll scheduled to be moved on reboot.


voilà le log de combofix

ComboFix 08-11-07.01 - AdrienM 2008-11-09 12:25:43.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.168 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 12:15 . 2008-11-09 12:15 <REP> d-------- C:\_OTMoveIt
2008-11-08 21:18 . 2008-11-08 21:18 <REP> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 13:36 . 2008-11-07 18:56 <REP> d-------- c:\program files\Navilog1
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_22.43.13.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 10:52:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4e0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]
2004-08-05 13:00 104960 --a------ c:\windows\system32\avifilem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]
"EPSON Stylus DX4400 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]
2004-08-05 13:00 104960 c:\windows\system32\avifilem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 icflatuq;icflatuq;c:\windows\system32\drivers\icflatuq.sys [2004-08-05 23424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bblbarfw
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\AdrienM\Application Data\Mozilla\Firefox\Profiles\7xnwrgd4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.altavista.com
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 12:30:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
Heure de fin: 2008-11-09 12:36:18
ComboFix-quarantined-files.txt 2008-11-09 11:36:10
ComboFix2.txt 2008-11-09 10:24:23
ComboFix3.txt 2008-11-08 21:44:02

Avant-CF: 5.786.251.264 octets libres
Après-CF: 5,768,953,856 octets libres

139 --- E O F --- 2008-10-24 10:31:24


Dois aller en visite famille car urgent mais je revient vers 19h avec espoir tu trouves une idée avec ces données...

En tout cas super merci
Pietro

salut El Carrosso, dsl j'avais lancé un A2 pour voir sya qqch qui traine et je rentre plus tot. La je te réponds de chez mon frere. Par contre ya tjs la m... puisk j'ai eu le message de Windows Installer plusieurs fois de nouveau...
A+
Pietro

Bonsoir ben me revoilà avec le scan et le résultat de A-square


Scan start: 9/11/2008 12:55:58

Key: HKEY_USERS\S-1-5-21-4072564498-3378850561-2594840957-1006\software\kazaa detected: Trace.Registry.KaZaA!A2

et voilà Hijack


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:09, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Tools\PC\Eraser\eraser.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
c:\program files\tools\pc\a-squared free\a2service.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Tools\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A15AC531-F8E7-4F95-A633-6DC2EAD9DACF} - c:\windows\system32\avifilem.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Tools\PC\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S2.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1199796537046
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100562683359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gtrzrltg - C:\WINDOWS\SYSTEM32\avifilem.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\tools\pc\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

Re-re etc

J'ai l'air un peu c... sur les bords mais je comprends pas comment utiliser la ligne d'instruction et où placer le script pour que ça marche ? J'ai le même effet que avant: ya une image de combofix qui charge le script mais rien se passe.

C'est bien un .TXT dans lequel j'écris et un .GIF sur la ligne d'instructions?

atds

ben voilà voilou et au redémarrage de nouveau plein de demandes d'install de Architecte Studio... agrrrrrrrrr

ComboFix 08-11-09.01 - AdrienM 2008-11-09 21:52:14.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.137 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\AdrienM\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICFLATUQ
-------\Service_icflatuq


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.

2008-11-09 12:15 . 2008-11-09 12:15 <REP> d-------- C:\_OTMoveIt
2008-11-08 21:18 . 2008-11-08 21:18 <REP> d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 13:36 . 2008-11-07 18:56 <REP> d-------- c:\program files\Navilog1
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_22.43.13.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 21:00:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]
2004-08-05 13:00 104960 --a------ c:\windows\system32\avifilem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]
"EPSON Stylus DX4400 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]
2004-08-05 13:00 104960 c:\windows\system32\avifilem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 icflatuq;icflatuq;c:\windows\system32\drivers\icflatuq.sys [2004-08-05 23424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bblbarfw

*Newly Created Service* - ICFLATUQ
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 22:01:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Tools\PC\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msdtc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\msiexec.exe
c:\program files\Tools\SpywareGuard\sgbhp.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Heure de fin: 2008-11-09 22:10:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-09 21:10:03
ComboFix2.txt 2008-11-09 11:36:20
ComboFix3.txt 2008-11-09 10:24:23
ComboFix4.txt 2008-11-08 21:44:02

Avant-CF: 5.724.442.624 octets libres
Après-CF: 5,705,834,496 octets libres

155 --- E O F --- 2008-10-24 10:31:24

Par contre, j'ai fait un tirer glisser de l'icone du script sur l'icone de Combo paske via http etc j'ai le doute.
C'est correc comme ça?

atds si tu restes sur le site
Pietro

Salut El C.

Après avoir passé le nouveau script, j'ai sauvé le log puis passé hijack et sauvé l'autre log.
J'ai quitté ma session et quand suis revenu je n'ai plus eu accès à la barre de commande (en bas de la fenetre), les outils bureau existent et fonctionnent mais par ex je ne sais plus lancer 'démarrer' car pas de barre!
Lorsque j'ouvre internet, je n'ai pas accès aux sites (il semble que je n'ai plus de compte réseau); si je vais dans les options, je n'ai aucun service réseau; je peux éventuellement en créer un nouveau... j'ai pas été plus avant.
Lorsque j'accède enfin aux outils je ne sais pas faire de restauration (outil non dispo) ni revoir les comptes utilisateur ni le réseau. Si je fais crtl alt del j'obtiens le gestionnaire de tâches mais il est presque vide et aucun compte utilisateur loggé comme si j'étais pas là.
Là j'avoue paniquer assez fort...
Y a-t-il moyen de revenir en arrière de la dernière manip? Je me demande si la dernière commande avec SVCHOST
ne coupe pas toutes les ressources actives?

J'attends qq idées

merci
pietro

oki j'ai demandé et te tiens au courant demain mais probablement o soir kan serai rentré.
Merci tdm

Ke raconte les logs? rien de spéce?

Je me dis: y doit y avoir un bug dans xp et installer qui croit devoir charger un cd (Archi etc) alors kya rien. Mais comme c un bug interne aucun anti virolo ne détecte...? Jamairs rien entendu de ce genre?

Salut je reviens enfin.
Mon 'gamin' a réussi à redémarrer windows correctement.
en fait l'action proposée à enlevé tous les outils windows ainsi que les paramètres internet!
Il est parvenu à les copier sur un autre pc et les remettre à jour ici.

Je suis revenu au point de départ cad tjs windows installer qui demande d'installer le cd de Architecte Studio.

Tu m'as dit qu'une dll à l'air de déconner? De quoi s'agit-il?

Merci pour les infos et l'aide.

Gaffe aux actions proposées tout de même, c'était chaud!

Pietro

Salut voilà les rapports (y me semble ya tjs le prob vu que j'ai eu la demande d'installer)

ComboFix 08-11-09.01 - AdrienM 2008-11-12 14:07:39.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.209 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\AdrienM\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\avifilem.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\avifilem.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.

2008-11-11 22:19 . 2008-11-11 22:19 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-11-09 12:15 . 2008-11-09 12:15 <REP> d-------- C:\_OTMoveIt
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
.

((((((((((((((((((((((((((((( snapshot_2008-11-11_12.05.00,67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-11 21:19:31 42,248 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
+ 2008-11-11 21:19:31 27,912 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
+ 2008-11-11 21:19:31 73,728 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
+ 2008-11-11 21:19:31 83,296 ----a-w c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
- 2008-10-15 18:50:32 62,812 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-11 18:58:35 62,812 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-15 18:50:32 76,036 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-11 18:58:36 76,036 ----a-w c:\windows\system32\perfc00C.dat
- 2008-10-15 18:50:32 404,288 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-11 18:58:36 404,288 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-15 18:50:32 472,104 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-11 18:58:36 472,104 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A15AC531-F8E7-4F95-A633-6DC2EAD9DACF}]
2004-08-05 13:00 104960 --a------ c:\windows\system32\avifilem.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gtrzrltg]
2004-08-05 13:00 104960 c:\windows\system32\avifilem.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 icflatuq;icflatuq;c:\windows\system32\drivers\icflatuq.sys [2004-08-05 23424]
R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 14:16:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Tools\PC\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Tools\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 14:27:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 13:27:11
ComboFix2.txt 2008-11-11 11:05:34
ComboFix3.txt 2008-11-10 12:27:46
ComboFix4.txt 2008-11-09 21:10:16
ComboFix5.txt 2008-11-12 13:06:54

Avant-CF: 5.598.187.520 octets libres
Après-CF: 5,583,704,064 octets libres

157 --- E O F --- 2008-10-24 10:31:24



Hijack:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:09, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\tools\pc\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tools\PC\Eraser\eraser.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Tools\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A15AC531-F8E7-4F95-A633-6DC2EAD9DACF} - c:\windows\system32\avifilem.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Tools\PC\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1199796537046
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100562683359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gtrzrltg - C:\WINDOWS\SYSTEM32\avifilem.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\tools\pc\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

Bonjour Lyonnais, moi c wavrien ou alors Padovan ;-)

Voici les logs: Virustotal


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.13.0 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 TR/Trash.Gen
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.199 2008.11.12 -
BitDefender 7.2 2008.11.12 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 -
Ikarus T3.1.1.45.0 2008.11.12 Trojan.Trash
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 -
Microsoft 1.4104 2008.11.12 -
NOD32 3606 2008.11.12 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.12 -
Prevx1 V2 2008.11.12 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 Trojan.Trash.Gen
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 -
Information additionnelle
File size: 104960 bytes
MD5...: 45ddc765e639d6a98a94af18de8a3a0e
SHA1..: 2be478ea9dc9a6e464e74e0282e775994f008402
SHA256: 1e3d13cd6fa7a350a267626c1cacf19e4e8b5697c62bacd32180b714a10f52ec
SHA512: f80c11e73d422020b1cebb48273f637e846294f307327dac374b1620a10036ee
0c323ee5a0eef6cf0369f9da6da35b37ef9abefd32511fbd6416a82dd733dc05
PEiD..: -
TrID..: File type identification
Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
PEInfo: -



Pour les experts par contre, j'ai cette réponse: The file is not accepted. Its format is not supported.


D'autre part, il y a un fichier nommé AVIFILE.DLL au même endroit et dans /system/. Je dois en faire qqch?

Merci
Pietro

OKI merci, j'ai donc lancé le nouveau Combofix dont voici le rapport:

ComboFix 08-11-11.01 - AdrienM 2008-11-13 0:52:09.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.225 [GMT 1:00]
Lancé depuis: c:\program files\Tools\PC\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 14:33 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:32 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 22:19 . 2008-11-11 22:19 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-11-11 19:58 . 2008-11-12 18:11 1,393 --a------ c:\windows\imsins.BAK
2008-11-09 12:15 . 2008-11-09 12:15 <REP> d-------- C:\_OTMoveIt
2008-11-05 14:57 . 2008-11-05 14:57 <REP> d-------- c:\documents and settings\AdrienM\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-11-05 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 14:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 14:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-29 17:15 . 2004-08-05 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-24 11:23 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 08:45 . 2008-10-23 08:45 <REP> d-------- c:\program files\Sun
2008-10-23 08:44 . 2008-10-23 08:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 08:39 . 2008-10-23 08:39 607,640 --a------ c:\program files\xpiinstall.exe
2008-10-15 07:51 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 07:50 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:50 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:50 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 09:09 --------- d-----w c:\program files\Yahoo!
2008-11-08 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 09:09 --------- d-----w c:\documents and settings\AdrienM\Application Data\Spybot - Search & Destroy
2008-11-08 09:04 --------- d-----w c:\program files\Creatures 3
2008-11-08 09:03 --------- d-----w c:\program files\ANNO 1602 Version Gold
2008-11-05 13:56 --------- d-----w c:\program files\Tools
2008-11-01 17:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-30 12:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 10:16 --------- d-----w c:\documents and settings\AdrienM\Application Data\Skype
2008-09-28 07:13 --------- d-----w c:\documents and settings\AdrienM\Application Data\skypePM
2008-09-23 19:22 --------- d-----w c:\program files\Skype
2008-09-23 19:22 --------- d-----w c:\program files\Fichiers communs\Skype
2008-09-23 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-21 10:37 --------- d-----w c:\program files\MSECache
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 05:10 670,208 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-05-28 118784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Eraser"="c:\program files\Tools\PC\Eraser\eraser.exe" [2007-12-23 916240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-20 218496]

c:\documents and settings\AdrienM\Menu D‚marrer\Programmes\D‚marrage\
SpywareGuard.lnk - c:\program files\Tools\SpywareGuard\sgmain.exe [2006-11-05 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 musm3gld;musm3gld;c:\windows\system32\drivers\musm3gld.sys [2006-02-24 5513]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-11-26 163840]
.
Contenu du dossier 'Tâches planifiées'

2008-11-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Tools\Spybot - Search & Destroy\SpybotSD.exe []

2008-11-01 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []

2007-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Tools\SpyEraser\SpyEraser.exe []
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\AdrienM\Application Data\Mozilla\Firefox\Profiles\7xnwrgd4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.altavista.com
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 00:56:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\AdrienM\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1096 bytes hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\SNDSrvc]
"ImagePath"="-"
.
Heure de fin: 2008-11-13 1:02:06
ComboFix-quarantined-files.txt 2008-11-13 00:02:03
ComboFix2.txt 2008-11-12 22:42:19
ComboFix3.txt 2008-11-12 22:20:21
ComboFix4.txt 2008-11-12 13:27:20
ComboFix5.txt 2008-11-12 23:51:51

Avant-CF: 6.152.278.016 octets libres
Après-CF: 6,136,360,960 octets libres

135 --- E O F --- 2008-11-12 17:14:35


ensuite j'ai lancé le abcde.bat ce qui a donné ceci:

Le volume dans le lecteur C s'appelle Main Papa
Le numéro de série du volume est E080-08A6

Répertoire de C:\Qoobox

13/11/2008 01:02 <REP> .
13/11/2008 01:02 <REP> ..
13/11/2008 01:02 4.299 Add-Remove Programs.txt
12/11/2008 23:27 <REP> BackEnv
09/11/2008 21:10 880 CFScript_used_2008-11-09@21.52.txt
10/11/2008 13:06 355 CFScript_used_2008-11-10@13.09.txt
12/11/2008 13:32 238 CFScript_used_2008-11-12@14.07.txt
12/11/2008 22:53 307 CFScript_used_2008-11-12@23.03.txt
12/11/2008 23:25 399 CFScript_used_2008-11-12@23.27.txt
13/11/2008 01:02 5.704 ComboFix-quarantined-files.txt
12/11/2008 23:42 8.965 ComboFix2.txt
12/11/2008 23:20 16.193 ComboFix3.txt
12/11/2008 14:27 10.123 ComboFix4.txt
13/11/2008 00:51 94.208 ComboFix5.txt
12/11/2008 23:27 <REP> Quarantine
08/11/2008 22:43 1.064.561 snapshot@2008-11-08_22.43.13.85.dat
08/11/2008 22:43 996.875 snapshot@2008-11-08_22.43.13.85_B.dat
11/11/2008 12:04 1.064.473 snapshot_2008-11-11_12.05.00,67.dat
11/11/2008 12:04 996.793 snapshot_2008-11-11_12.05.00,67_B.dat
12/11/2008 23:19 1.056.090 snapshot_2008-11-12_23.19.53.29.dat
12/11/2008 23:19 988.914 snapshot_2008-11-12_23.19.53.29_B.dat
17 fichier(s) 6.309.377 octets
4 Rép(s) 6.157.991.936 octets libres


et enfin hijack a donné ceci:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:01, on 13/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\tools\pc\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tools\PC\Eraser\eraser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tools\SpywareGuard\sgmain.exe
C:\Program Files\Tools\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tools\PC\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Tools\SpywareGuard\dlprotect.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Tools\PC\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Tools\SpywareGuard\sgmain.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1199796537046
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100562683359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\tools\pc\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

Salut Lyonnais, j'ai réinstallé Avast et fait tourner. Aucun virus. Idem avec Malwarebytes et Adaware.

Par contre, j'ai toujours le message d'installation.

Une autre idée?

Merci
Pietro