Virus malware et cftmon.exe ???

Bonjour,

Télécharge ComboFix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)

Double clique sur ComboFix.exe.

Accepte la licence en cliquant sur Oui.

Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !

Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

ComboFix 09-02-05.02 - SeLoR 2009-02-06 10:58:50.1 - NTFSx86

Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.2047.1344 [GMT 1:00]

Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

 * Un nouveau point de restauration a été créé

 
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]

c:\program files\SuperCopier2\SC2Hook.dll

 
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))

.

 
C:\Autorun.inf

c:\documents and settings\SeLoR\Menu Démarrer\Programmes\Démarrage\ctfmon.exe

c:\recycled\Recycled

c:\recycled\Recycled\ctfmon.exe

c:\windows\system32\amvo0.dll

E:\Autorun.inf

H:\Autorun.inf

 
.

(((((((((((((((((((((((((((((   Fichiers créés du 2009-01-06 au 2009-02-06  ))))))))))))))))))))))))))))))))))))

.

 
2009-02-06 11:09 . 2009-02-06 11:10	113	-r-hs----	C:\autorun.inf

2009-02-04 13:44 . 2009-02-06 10:45	89,600	-r-hs----	c:\windows\system32\optyhww1.dll

2009-02-04 13:39 . 2009-02-04 13:39	268	--ah-----	C:\sqmdata15.sqm

2009-02-04 13:39 . 2009-02-04 13:39	244	--ah-----	C:\sqmnoopt15.sqm

2009-02-04 12:57 . 2009-02-06 10:45	106,827	-r-hs----	C:\ft96s.exe

2009-02-04 12:56 . 2009-02-06 10:45	106,827	-r-hs----	c:\windows\system32\urretnd.exe

2009-02-04 12:56 . 2009-02-06 11:08	89,600	-r-hs----	c:\windows\system32\optyhww0.dll

2009-02-03 17:44 . 2009-02-03 17:44	268	--ah-----	C:\sqmdata14.sqm

2009-02-03 17:44 . 2009-02-03 17:44	244	--ah-----	C:\sqmnoopt14.sqm

2009-02-03 17:37 . 2009-02-03 17:37	<REP>	d--------	c:\program files\Sun

2009-02-03 17:37 . 2009-02-03 17:37	410,984	--a------	c:\windows\system32\deploytk.dll

2009-02-02 23:39 . 2009-02-02 23:39	268	--ah-----	C:\sqmdata13.sqm

2009-02-02 23:39 . 2009-02-02 23:39	244	--ah-----	C:\sqmnoopt13.sqm

2009-01-30 17:13 . 2009-01-30 17:13	268	--ah-----	C:\sqmdata12.sqm

2009-01-30 17:13 . 2009-01-30 17:13	244	--ah-----	C:\sqmnoopt12.sqm

2009-01-30 15:59 . 2009-02-03 16:31	<REP>	d--------	c:\documents and settings\SeLoR\workspace

2009-01-26 18:41 . 2009-01-26 18:41	268	--ah-----	C:\sqmdata11.sqm

2009-01-26 18:41 . 2009-01-26 18:41	244	--ah-----	C:\sqmnoopt11.sqm

2009-01-26 11:23 . 2008-12-27 16:16	100,808	--a------	C:\IMG_1459.JPG

2009-01-25 23:17 . 2009-01-25 23:17	268	--ah-----	C:\sqmdata10.sqm

2009-01-25 23:17 . 2009-01-25 23:17	244	--ah-----	C:\sqmnoopt10.sqm

2009-01-25 15:45 . 2009-01-25 15:45	268	--ah-----	C:\sqmdata09.sqm

2009-01-25 15:45 . 2009-01-25 15:45	244	--ah-----	C:\sqmnoopt09.sqm

2009-01-19 00:00 . 2009-01-19 00:00	268	--ah-----	C:\sqmdata08.sqm

2009-01-19 00:00 . 2009-01-19 00:00	244	--ah-----	C:\sqmnoopt08.sqm

2009-01-15 22:09 . 2009-01-15 22:09	268	--ah-----	C:\sqmdata07.sqm

2009-01-15 22:09 . 2009-01-15 22:09	244	--ah-----	C:\sqmnoopt07.sqm

2009-01-15 21:44 . 2004-08-04 00:54	159,232	--a------	c:\windows\system32\ptpusd.dll

2009-01-15 21:44 . 2004-08-03 22:58	15,104	--a------	c:\windows\system32\drivers\usbscan.sys

2009-01-15 21:44 . 2004-08-03 22:58	15,104	--a--c---	c:\windows\system32\dllcache\usbscan.sys

2009-01-15 21:44 . 2001-08-23 17:47	5,632	--a------	c:\windows\system32\ptpusb.dll

2009-01-15 17:46 . 2008-04-17 13:12	107,368	--a------	c:\windows\system32\GEARAspi.dll

2009-01-15 17:46 . 2008-04-17 13:12	15,464	--a------	c:\windows\system32\drivers\GEARAspiWDM.sys

2009-01-15 17:45 . 2009-01-15 17:46	<REP>	d--------	c:\program files\iTunes

2009-01-15 17:45 . 2009-01-15 17:45	<REP>	d--------	c:\program files\iPod

2009-01-15 17:45 . 2009-01-15 17:46	<REP>	d--------	c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-15 17:42 . 2009-01-15 17:45	<REP>	d--------	c:\program files\Fichiers communs\Apple

2009-01-15 17:42 . 2009-01-15 17:42	<REP>	d--------	c:\program files\Apple Software Update

2009-01-15 17:42 . 2008-11-07 14:23	32,000	--a------	c:\windows\system32\drivers\usbaapl.sys

2009-01-15 17:41 . 2009-01-15 17:41	<REP>	d--------	c:\documents and settings\All Users\Application Data\Apple

2009-01-14 22:45 . 2009-01-14 22:45	268	--ah-----	C:\sqmdata06.sqm

2009-01-14 22:45 . 2009-01-14 22:45	244	--ah-----	C:\sqmnoopt06.sqm

2009-01-11 23:10 . 2009-01-11 23:10	268	--ah-----	C:\sqmdata05.sqm

2009-01-11 23:10 . 2009-01-11 23:10	244	--ah-----	C:\sqmnoopt05.sqm

2009-01-09 10:39 . 2009-01-09 10:39	268	--ah-----	C:\sqmdata04.sqm

2009-01-09 10:39 . 2009-01-09 10:39	244	--ah-----	C:\sqmnoopt04.sqm

2009-01-08 23:56 . 2009-01-08 23:56	80	-r-hs----	c:\windows\3DXCT.BIN

2009-01-08 23:54 . 2009-01-08 23:54	<REP>	d--------	c:\windows\Logs

2009-01-08 22:37 . 2009-01-08 22:37	268	--ah-----	C:\sqmdata03.sqm

2009-01-08 22:37 . 2009-01-08 22:37	244	--ah-----	C:\sqmnoopt03.sqm

2009-01-08 19:00 . 2009-01-08 19:00	268	--ah-----	C:\sqmdata02.sqm

2009-01-08 19:00 . 2009-01-08 19:00	244	--ah-----	C:\sqmnoopt02.sqm

2009-01-08 16:51 . 2009-01-08 16:51	<REP>	d--------	c:\documents and settings\SeLoR\Application Data\Reallusion

2009-01-08 16:24 . 2009-02-04 15:13	<REP>	d--------	c:\program files\Reallusion

2009-01-08 16:24 . 2009-01-08 23:56	<REP>	d--------	c:\program files\Fichiers communs\Reallusion

2009-01-08 16:24 . 2009-01-09 10:31	<REP>	d--------	c:\documents and settings\All Users\Application Data\Reallusion

2009-01-08 16:24 . 2009-01-08 16:24	80	-r-hs----	c:\windows\CT5STET.BIN

2009-01-08 16:23 . 2009-01-08 16:23	<REP>	d--------	c:\documents and settings\SeLoR\Application Data\InstallShield

2009-01-06 01:13 . 2009-01-06 01:13	268	--ah-----	C:\sqmdata01.sqm

2009-01-06 01:13 . 2009-01-06 01:13	244	--ah-----	C:\sqmnoopt01.sqm

 
.

((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-06 10:09	---------	d-----w	c:\documents and settings\SeLoR\Application Data\Skype

2009-02-06 10:06	---------	d-----w	c:\program files\SuperCopier2

2009-02-06 09:41	---------	d-----w	c:\program files\LogMeIn

2009-02-04 14:14	---------	d--h--w	c:\program files\InstallShield Installation Information

2009-02-04 14:07	---------	d-----w	c:\documents and settings\SeLoR\Application Data\Gesloc

2009-02-04 11:18	---------	d-----w	c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic

2009-02-03 16:37	---------	d-----w	c:\program files\Java

2009-01-15 20:45	---------	d-----w	c:\documents and settings\SeLoR\Application Data\Apple Computer

2009-01-15 16:45	---------	d-----w	c:\program files\Bonjour

2009-01-15 16:44	---------	d-----w	c:\program files\QuickTime

2009-01-14 21:48	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help

2009-01-02 17:44	---------	d-----w	c:\program files\Microsoft Money 2005

2008-12-18 14:16	---------	d-----w	c:\program files\trucparticleIllusion 3.0

2008-12-18 08:41	---------	d-----w	c:\program files\nLite

2008-12-18 08:26	---------	d-----w	c:\program files\Windows Updates Downloader

2008-12-18 08:17	---------	d-----w	c:\program files\My Drivers

2008-12-16 21:46	---------	d-----w	c:\program files\LogMeIn Ignition

2008-12-13 19:12	---------	d-----w	c:\program files\FlashFXP

2008-12-11 11:57	333,184	----a-w	c:\windows\system32\drivers\srv.sys

2008-12-10 08:27	---------	d-----w	c:\program files\wLite

2008-12-10 08:27	---------	d-----w	c:\documents and settings\All Users\Application Data\webcamXP5

2008-12-09 18:58	---------	d-----w	c:\program files\Ant Renamer

2008-12-09 14:58	---------	d-----w	c:\documents and settings\All Users\Application Data\LogMeIn

2008-12-05 12:56	12	----a-w	c:\documents and settings\SeLoR\TV.dat

2008-11-30 20:55	339,968	----a-w	c:\windows\system32\pythoncom25.dll

2008-11-30 20:55	2,117,632	----a-w	c:\windows\system32\python25.dll

2008-11-30 20:55	114,688	----a-w	c:\windows\system32\pywintypes25.dll

2007-11-22 17:11	12	----a-w	c:\documents and settings\SeLoR\recsche.dat

.

 
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 

REGEDIT4

 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

"\\192.168.1.100\EPSON Stylus Photo RX640 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE" [2007-01-16 177664]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]

"cbvcs"="c:\windows\system32\urretnd.exe" [2009-02-06 106827]

 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]

"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]

"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]

"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]

"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]

"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]

"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]

"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 
c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\

Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

 
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.LAGS"= lagarith.dll

 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]

@="Driver"

 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=

"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=

"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=

"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]

R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]

R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]

R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]

S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]

S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]

S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 
--- Autres Services/Pilotes en mémoire ---

 
*Deregistered* - mchInjDrv

 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]

\Shell\AutoRun\command - F:\[u]0[/u]0hoeav.com

\Shell\explore\Command - F:\[u]0[/u]0hoeav.com

\Shell\open\Command - F:\[u]0[/u]0hoeav.com

 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]

\Shell\AutoRun\command - F:\[u]0[/u]0hoeav.com

\Shell\explore\Command - F:\[u]0[/u]0hoeav.com

\Shell\open\Command - F:\[u]0[/u]0hoeav.com

 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]

\Shell\AutoRun\command - b.com

\Shell\explore\Command - b.com

\Shell\open\Command - b.com

 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{930fb87c-9132-11dd-8f75-001641b32978}]

\Shell\AutoRun\command - I:\[u]0[/u]0hoeav.com

\Shell\explore\Command - I:\[u]0[/u]0hoeav.com

\Shell\open\Command - I:\[u]0[/u]0hoeav.com

 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]

\Shell\AutoRun\command - I:\[u]0[/u]0hoeav.com

\Shell\explore\Command - I:\[u]0[/u]0hoeav.com

\Shell\open\Command - I:\[u]0[/u]0hoeav.com

.

Contenu du dossier 'Tâches planifiées'

 
2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHELINS SUPPRIMES - - - -

 
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)

 
 
.

------- Examen supplémentaire -------

.

uStart Page = hxxp://<a href="http://www.google.fr/ig?hl=fr" rel="nofollow" target="_blank">www.google.fr/ig?hl=fr</a>

uInternet Settings,ProxyServer = 192.168.201.253:3128

uInternet Settings,ProxyOverride = <local> 127.0.0.1

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: {08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE} = 192.168.201.1

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\

FF - prefs.js: browser.startup.homepage - hxxp://<a href="http://www.google.fr/ig?hl=fr" rel="nofollow" target="_blank">www.google.fr/ig?hl=fr</a>

FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=

FF - prefs.js: network.proxy.ftp - 192.168.201.253

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - 192.168.201.253

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.socks - 192.168.201.253

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 192.168.201.253

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

.

 
**************************************************************************

 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a href="http://www.gmer.net" rel="nofollow" target="_blank">http://www.gmer.net</a>

Rootkit scan 2009-02-06 11:08:14

Windows 5.1.2600 Service Pack 2 NTFS

 
Recherche de processus cachés ... 

 
Recherche d'éléments en démarrage automatique cachés ... 

 
Recherche de fichiers cachés ... 

 
Scan terminé avec succès

Fichiers cachés: 0

 
**************************************************************************

 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 
[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

 
[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Type"="wellknown"

"Order"=dword:00000001

"State"=dword:0000000b

 
[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]

"Name"="IESettings"

"Type"="IESettings"

"Order"=dword:00000004

"State"=dword:0000000b

 
[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]

"Name"="MediaFiles"

"Type"="MediaFiles"

"Order"=dword:00000003

"State"=dword:0000000b

 
[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]

"Name"="NPW"

"Param1"="NPW"

"Type"="wellknown"

"Order"=dword:00000002

"State"=dword:0000000b

 
[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]

"Name"="Outlook"

"DisplayName"="Microsoft Outlook"

"Param1"="Outlook"

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:00000020

 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,

   dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

 
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,

   dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 
- - - - - - - > 'winlogon.exe'(1068)

c:\windows\system32\LMIinit.dll

c:\program files\AlienGUIse\fastload.dll

c:\windows\system32\LMIRfsClientNP.dll

 
- - - - - - - > 'lsass.exe'(1128)

c:\windows\system32\relog_ap.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe

c:\program files\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\LogMeIn\x86\ramaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\windows\system32\MNSFramework.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2009-02-06 11:14:48 - La machine a redémarré

ComboFix-quarantined-files.txt  2009-02-06 10:14:41

 
Avant-CF: 8 641 306 624 octets libres

Après-CF: 10,367,275,008 octets libres

 
371	--- E O F ---	2009-01-14 21:48:30

  Bonjour,

AngelDark s'absente, je vais prendre la suite.

Tu peux poster le rapport normalement sans balises stp ?

 

Bonjour et merci de reprendre la suite  

j'ai eut deux nouvelles alertes ce matin de avira

Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\SeLoR\Local Settings\Temp\help.exe.
Action performed: Move file to quarantine

et celle ci :

Virus or unwanted program 'RKIT/Agent.4160 [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\klif.sys.
Action performed: Deny access


et je reposte le rapport de combofix ainsi d'avant le week end et je refait un nouveau log hijackthis ce matin derriere :

ComboFix 09-02-05.02 - SeLoR 2009-02-06 10:58:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1344 [GMT 1:00]
Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\SeLoR\Menu Démarrer\Programmes\Démarrage\ctfmon.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\system32\amvo0.dll
E:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-06 11:09 . 2009-02-06 11:10 113 -r-hs---- C:\autorun.inf
2009-02-04 13:44 . 2009-02-06 10:45 89,600 -r-hs---- c:\windows\system32\optyhww1.dll
2009-02-04 13:39 . 2009-02-04 13:39 268 --ah----- C:\sqmdata15.sqm
2009-02-04 13:39 . 2009-02-04 13:39 244 --ah----- C:\sqmnoopt15.sqm
2009-02-04 12:57 . 2009-02-06 10:45 106,827 -r-hs---- C:\ft96s.exe
2009-02-04 12:56 . 2009-02-06 10:45 106,827 -r-hs---- c:\windows\system32\urretnd.exe
2009-02-04 12:56 . 2009-02-06 11:08 89,600 -r-hs---- c:\windows\system32\optyhww0.dll
2009-02-03 17:44 . 2009-02-03 17:44 268 --ah----- C:\sqmdata14.sqm
2009-02-03 17:44 . 2009-02-03 17:44 244 --ah----- C:\sqmnoopt14.sqm
2009-02-03 17:37 . 2009-02-03 17:37 <REP> d-------- c:\program files\Sun
2009-02-03 17:37 . 2009-02-03 17:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 23:39 . 2009-02-02 23:39 268 --ah----- C:\sqmdata13.sqm
2009-02-02 23:39 . 2009-02-02 23:39 244 --ah----- C:\sqmnoopt13.sqm
2009-01-30 17:13 . 2009-01-30 17:13 268 --ah----- C:\sqmdata12.sqm
2009-01-30 17:13 . 2009-01-30 17:13 244 --ah----- C:\sqmnoopt12.sqm
2009-01-30 15:59 . 2009-02-03 16:31 <REP> d-------- c:\documents and settings\SeLoR\workspace
2009-01-26 18:41 . 2009-01-26 18:41 268 --ah----- C:\sqmdata11.sqm
2009-01-26 18:41 . 2009-01-26 18:41 244 --ah----- C:\sqmnoopt11.sqm
2009-01-26 11:23 . 2008-12-27 16:16 100,808 --a------ C:\IMG_1459.JPG
2009-01-25 23:17 . 2009-01-25 23:17 268 --ah----- C:\sqmdata10.sqm
2009-01-25 23:17 . 2009-01-25 23:17 244 --ah----- C:\sqmnoopt10.sqm
2009-01-25 15:45 . 2009-01-25 15:45 268 --ah----- C:\sqmdata09.sqm
2009-01-25 15:45 . 2009-01-25 15:45 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 00:00 . 2009-01-19 00:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 00:00 . 2009-01-19 00:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-15 22:09 . 2009-01-15 22:09 268 --ah----- C:\sqmdata07.sqm
2009-01-15 22:09 . 2009-01-15 22:09 244 --ah----- C:\sqmnoopt07.sqm
2009-01-15 21:44 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-15 21:44 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-15 17:46 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-15 17:46 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\program files\iTunes
2009-01-15 17:45 . 2009-01-15 17:45 <REP> d-------- c:\program files\iPod
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 17:42 . 2009-01-15 17:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-15 17:42 . 2009-01-15 17:42 <REP> d-------- c:\program files\Apple Software Update
2009-01-15 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-15 17:41 . 2009-01-15 17:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-14 22:45 . 2009-01-14 22:45 268 --ah----- C:\sqmdata06.sqm
2009-01-14 22:45 . 2009-01-14 22:45 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 23:10 . 2009-01-11 23:10 268 --ah----- C:\sqmdata05.sqm
2009-01-11 23:10 . 2009-01-11 23:10 244 --ah----- C:\sqmnoopt05.sqm
2009-01-09 10:39 . 2009-01-09 10:39 268 --ah----- C:\sqmdata04.sqm
2009-01-09 10:39 . 2009-01-09 10:39 244 --ah----- C:\sqmnoopt04.sqm
2009-01-08 23:56 . 2009-01-08 23:56 80 -r-hs---- c:\windows\3DXCT.BIN
2009-01-08 23:54 . 2009-01-08 23:54 <REP> d-------- c:\windows\Logs
2009-01-08 22:37 . 2009-01-08 22:37 268 --ah----- C:\sqmdata03.sqm
2009-01-08 22:37 . 2009-01-08 22:37 244 --ah----- C:\sqmnoopt03.sqm
2009-01-08 19:00 . 2009-01-08 19:00 268 --ah----- C:\sqmdata02.sqm
2009-01-08 19:00 . 2009-01-08 19:00 244 --ah----- C:\sqmnoopt02.sqm
2009-01-08 16:51 . 2009-01-08 16:51 <REP> d-------- c:\documents and settings\SeLoR\Application Data\Reallusion
2009-01-08 16:24 . 2009-02-04 15:13 <REP> d-------- c:\program files\Reallusion
2009-01-08 16:24 . 2009-01-08 23:56 <REP> d-------- c:\program files\Fichiers communs\Reallusion
2009-01-08 16:24 . 2009-01-09 10:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Reallusion
2009-01-08 16:24 . 2009-01-08 16:24 80 -r-hs---- c:\windows\CT5STET.BIN
2009-01-08 16:23 . 2009-01-08 16:23 <REP> d-------- c:\documents and settings\SeLoR\Application Data\InstallShield
2009-01-06 01:13 . 2009-01-06 01:13 268 --ah----- C:\sqmdata01.sqm
2009-01-06 01:13 . 2009-01-06 01:13 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 10:09 --------- d-----w c:\documents and settings\SeLoR\Application Data\Skype
2009-02-06 10:06 --------- d-----w c:\program files\SuperCopier2
2009-02-06 09:41 --------- d-----w c:\program files\LogMeIn
2009-02-04 14:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:07 --------- d-----w c:\documents and settings\SeLoR\Application Data\Gesloc
2009-02-04 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-02-03 16:37 --------- d-----w c:\program files\Java
2009-01-15 20:45 --------- d-----w c:\documents and settings\SeLoR\Application Data\Apple Computer
2009-01-15 16:45 --------- d-----w c:\program files\Bonjour
2009-01-15 16:44 --------- d-----w c:\program files\QuickTime
2009-01-14 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-02 17:44 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-18 14:16 --------- d-----w c:\program files\trucparticleIllusion 3.0
2008-12-18 08:41 --------- d-----w c:\program files\nLite
2008-12-18 08:26 --------- d-----w c:\program files\Windows Updates Downloader
2008-12-18 08:17 --------- d-----w c:\program files\My Drivers
2008-12-16 21:46 --------- d-----w c:\program files\LogMeIn Ignition
2008-12-13 19:12 --------- d-----w c:\program files\FlashFXP
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:27 --------- d-----w c:\program files\wLite
2008-12-10 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\webcamXP5
2008-12-09 18:58 --------- d-----w c:\program files\Ant Renamer
2008-12-09 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2008-12-05 12:56 12 ----a-w c:\documents and settings\SeLoR\TV.dat
2008-11-30 20:55 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-30 20:55 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-30 20:55 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2007-11-22 17:11 12 ----a-w c:\documents and settings\SeLoR\recsche.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"\\192.168.1.100\EPSON Stylus Photo RX640 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE" [2007-01-16 177664]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"cbvcs"="c:\windows\system32\urretnd.exe" [2009-02-06 106827]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{930fb87c-9132-11dd-8f75-001641b32978}]
\Shell\AutoRun\command - I:\00hoeav.com
\Shell\explore\Command - I:\00hoeav.com
\Shell\open\Command - I:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]
\Shell\AutoRun\command - I:\00hoeav.com
\Shell\explore\Command - I:\00hoeav.com
\Shell\open\Command - I:\00hoeav.com
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr
uInternet Settings,ProxyServer = 192.168.201.253:3128
uInternet Settings,ProxyOverride = <local> 127.0.0.1
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE} = 192.168.201.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.ftp - 192.168.201.253
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.201.253
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.201.253
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.201.253
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 11:08:14
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\LMIinit.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-06 11:14:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-06 10:14:41

Avant-CF: 8 641 306 624 octets libres
Après-CF: 10,367,275,008 octets libres

371 --- E O F --- 2009-01-14 21:48:30

Nouveau rapport Hijack de ce matin :

Logfile of HijackThis v1.99.1
Scan saved at 11:15:37, on 09/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Function Key Controller\FKC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\LifeView DTV\RemoteControl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Mobile Net Switch\MNS.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SeLoR\Bureau\hijackthis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.201.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\\192.168.1.100\EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /FU "C:\DOCUME~1\SeLoR\LOCALS~1\Temp\E_S17F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

une idee ?

jai relancer combofix et il a apparemment encore degager des trucs

voici le nouveau rapport .. je fais tout seul hein mais vu que personne me repond hihi ) 


ComboFix 09-02-08.02 - SeLoR 2009-02-10 0:53:58.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1354 [GMT 1:00]
Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\optyhww0.dll
c:\windows\system32\urretnd.exe
E:\Autorun.inf
F:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 01:00 . 2009-02-10 01:00 244 --ah----- C:\sqmnoopt18.sqm
2009-02-10 01:00 . 2009-02-10 01:00 232 --ah----- C:\sqmdata18.sqm
2009-02-09 23:04 . 2009-02-09 23:04 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-09 23:04 . 2009-02-09 23:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:25 . 2009-02-09 18:25 268 --ah----- C:\sqmdata17.sqm
2009-02-09 18:25 . 2009-02-09 18:25 244 --ah----- C:\sqmnoopt17.sqm
2009-02-06 18:28 . 2009-02-06 18:28 268 --ah----- C:\sqmdata16.sqm
2009-02-06 18:28 . 2009-02-06 18:28 244 --ah----- C:\sqmnoopt16.sqm
2009-02-04 13:44 . 2009-02-06 10:45 89,600 -r-hs---- c:\windows\system32\optyhww1.dll
2009-02-04 13:39 . 2009-02-04 13:39 268 --ah----- C:\sqmdata15.sqm
2009-02-04 13:39 . 2009-02-04 13:39 244 --ah----- C:\sqmnoopt15.sqm
2009-02-04 12:57 . 2009-02-06 10:45 106,827 -r-hs---- C:\ft96s.exe
2009-02-03 17:44 . 2009-02-03 17:44 268 --ah----- C:\sqmdata14.sqm
2009-02-03 17:44 . 2009-02-03 17:44 244 --ah----- C:\sqmnoopt14.sqm
2009-02-03 17:37 . 2009-02-03 17:37 <REP> d-------- c:\program files\Sun
2009-02-03 17:37 . 2009-02-03 17:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 23:39 . 2009-02-02 23:39 268 --ah----- C:\sqmdata13.sqm
2009-02-02 23:39 . 2009-02-02 23:39 244 --ah----- C:\sqmnoopt13.sqm
2009-01-30 17:13 . 2009-01-30 17:13 268 --ah----- C:\sqmdata12.sqm
2009-01-30 17:13 . 2009-01-30 17:13 244 --ah----- C:\sqmnoopt12.sqm
2009-01-30 15:59 . 2009-02-03 16:31 <REP> d-------- c:\documents and settings\SeLoR\workspace
2009-01-26 18:41 . 2009-01-26 18:41 268 --ah----- C:\sqmdata11.sqm
2009-01-26 18:41 . 2009-01-26 18:41 244 --ah----- C:\sqmnoopt11.sqm
2009-01-26 11:23 . 2008-12-27 16:16 100,808 --a------ C:\IMG_1459.JPG
2009-01-25 23:17 . 2009-01-25 23:17 268 --ah----- C:\sqmdata10.sqm
2009-01-25 23:17 . 2009-01-25 23:17 244 --ah----- C:\sqmnoopt10.sqm
2009-01-25 15:45 . 2009-01-25 15:45 268 --ah----- C:\sqmdata09.sqm
2009-01-25 15:45 . 2009-01-25 15:45 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 00:00 . 2009-01-19 00:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 00:00 . 2009-01-19 00:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-15 22:09 . 2009-01-15 22:09 268 --ah----- C:\sqmdata07.sqm
2009-01-15 22:09 . 2009-01-15 22:09 244 --ah----- C:\sqmnoopt07.sqm
2009-01-15 21:44 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-15 21:44 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-15 17:46 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-15 17:46 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\program files\iTunes
2009-01-15 17:45 . 2009-01-15 17:45 <REP> d-------- c:\program files\iPod
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 17:42 . 2009-01-15 17:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-15 17:42 . 2009-01-15 17:42 <REP> d-------- c:\program files\Apple Software Update
2009-01-15 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-15 17:41 . 2009-01-15 17:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-14 22:45 . 2009-01-14 22:45 268 --ah----- C:\sqmdata06.sqm
2009-01-14 22:45 . 2009-01-14 22:45 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 23:10 . 2009-01-11 23:10 268 --ah----- C:\sqmdata05.sqm
2009-01-11 23:10 . 2009-01-11 23:10 244 --ah----- C:\sqmnoopt05.sqm
2009-01-09 10:39 . 2009-01-09 10:39 268 --ah----- C:\sqmdata04.sqm
2009-01-09 10:39 . 2009-01-09 10:39 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 00:01 --------- d-----w c:\documents and settings\SeLoR\Application Data\Skype
2009-02-09 23:58 --------- d-----w c:\program files\SuperCopier2
2009-02-09 23:54 --------- d-----w c:\program files\LogMeIn
2009-02-04 14:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:13 --------- d-----w c:\program files\Reallusion
2009-02-04 14:07 --------- d-----w c:\documents and settings\SeLoR\Application Data\Gesloc
2009-02-04 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-02-03 16:37 --------- d-----w c:\program files\Java
2009-01-15 20:45 --------- d-----w c:\documents and settings\SeLoR\Application Data\Apple Computer
2009-01-15 16:45 --------- d-----w c:\program files\Bonjour
2009-01-15 16:44 --------- d-----w c:\program files\QuickTime
2009-01-14 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-09 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Reallusion
2009-01-08 22:56 --------- d-----w c:\program files\Fichiers communs\Reallusion
2009-01-08 15:51 --------- d-----w c:\documents and settings\SeLoR\Application Data\Reallusion
2009-01-08 15:23 --------- d-----w c:\documents and settings\SeLoR\Application Data\InstallShield
2009-01-02 17:44 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-18 14:16 --------- d-----w c:\program files\trucparticleIllusion 3.0
2008-12-18 08:41 --------- d-----w c:\program files\nLite
2008-12-18 08:26 --------- d-----w c:\program files\Windows Updates Downloader
2008-12-18 08:17 --------- d-----w c:\program files\My Drivers
2008-12-16 21:46 --------- d-----w c:\program files\LogMeIn Ignition
2008-12-13 19:12 --------- d-----w c:\program files\FlashFXP
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:27 --------- d-----w c:\program files\wLite
2008-12-10 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\webcamXP5
2008-12-09 18:58 --------- d-----w c:\program files\Ant Renamer
2008-12-09 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2008-12-05 12:56 12 ----a-w c:\documents and settings\SeLoR\TV.dat
2008-11-30 20:55 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-30 20:55 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-30 20:55 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2007-11-22 17:11 12 ----a-w c:\documents and settings\SeLoR\recsche.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-06_11.13.29.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 23:59:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_320.dat
+ 2009-02-10 00:00:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"\\192.168.1.100\EPSON Stylus Photo RX640 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE" [2007-01-16 177664]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2906da7-bbaa-11dd-8f97-001641b32978}]
\Shell\AutoRun\command - J:\ft96s.exe
\Shell\open\Command - J:\ft96s.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]
\Shell\AutoRun\command - I:\00hoeav.com
\Shell\explore\Command - I:\00hoeav.com
\Shell\open\Command - I:\00hoeav.com
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-cbvcs - c:\windows\system32\urretnd.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr
uInternet Settings,ProxyServer = 192.168.201.253:3128
uInternet Settings,ProxyOverride = <local> 127.0.0.1
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.ftp - 192.168.201.253
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.201.253
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.201.253
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.201.253
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 01:00:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\LMIinit.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-02-10 1:07:29 - La machine a redémarré [SeLoR]
ComboFix-quarantined-files.txt 2009-02-10 00:07:21
ComboFix2.txt 2009-02-06 10:14:54

Avant-CF: 6,785,785,856 octets libres
Après-CF: 6,769,618,944 octets libres

366 --- E O F --- 2009-01-14 21:48:30

 

Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )



=> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

- Colles y le texte (CTRL + V)
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc Notes

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



* Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
* Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
* Poste un nouveau rapport hijackthis.

 

SLt et merci de ton aide  

New Combofix :

ComboFix 09-02-10.03 - SeLoR 2009-02-11 18:49:49.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1360 [GMT 1:00]
Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\SeLoR\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
C:\ft96s.exe
c:\windows\system32\optyhww1.dll
F:\00hoeav.com
I:\00hoeav.com
J:\ft96s.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ft96s.exe
c:\windows\system32\optyhww0.dll
c:\windows\system32\optyhww1.dll
c:\windows\system32\urretnd.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 20:54 . 2009-02-10 20:54 <REP> d-------- c:\program files\Windows Media Connect 2
2009-02-10 20:51 . 2009-02-10 20:52 <REP> d-------- c:\windows\system32\drivers\UMDF
2009-02-10 19:05 . 2009-02-10 19:05 <REP> d-------- c:\program files\RealVNC
2009-02-10 17:40 . 2009-02-10 17:40 <REP> d-------- c:\program files\TwonkyMedia
2009-02-10 17:40 . 2009-02-10 17:44 <REP> d-------- c:\documents and settings\SeLoR\Application Data\TwonkyMedia
2009-02-10 17:02 . 2009-02-10 17:02 <REP> d-------- c:\program files\Avira
2009-02-10 17:02 . 2009-02-10 17:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-10 10:30 . 2009-02-10 10:30 <REP> d-------- c:\program files\Avira GmbH
2009-02-10 01:00 . 2009-02-10 01:00 244 --ah----- C:\sqmnoopt18.sqm
2009-02-10 01:00 . 2009-02-10 01:00 232 --ah----- C:\sqmdata18.sqm
2009-02-09 23:04 . 2009-02-09 23:04 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-09 23:04 . 2009-02-09 23:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:25 . 2009-02-09 18:25 268 --ah----- C:\sqmdata17.sqm
2009-02-09 18:25 . 2009-02-09 18:25 244 --ah----- C:\sqmnoopt17.sqm
2009-02-06 18:28 . 2009-02-06 18:28 268 --ah----- C:\sqmdata16.sqm
2009-02-06 18:28 . 2009-02-06 18:28 244 --ah----- C:\sqmnoopt16.sqm
2009-02-04 13:39 . 2009-02-04 13:39 268 --ah----- C:\sqmdata15.sqm
2009-02-04 13:39 . 2009-02-04 13:39 244 --ah----- C:\sqmnoopt15.sqm
2009-02-03 17:44 . 2009-02-03 17:44 268 --ah----- C:\sqmdata14.sqm
2009-02-03 17:44 . 2009-02-03 17:44 244 --ah----- C:\sqmnoopt14.sqm
2009-02-03 17:37 . 2009-02-03 17:37 <REP> d-------- c:\program files\Sun
2009-02-03 17:37 . 2009-02-03 17:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 23:39 . 2009-02-02 23:39 268 --ah----- C:\sqmdata13.sqm
2009-02-02 23:39 . 2009-02-02 23:39 244 --ah----- C:\sqmnoopt13.sqm
2009-01-30 17:13 . 2009-01-30 17:13 268 --ah----- C:\sqmdata12.sqm
2009-01-30 17:13 . 2009-01-30 17:13 244 --ah----- C:\sqmnoopt12.sqm
2009-01-30 15:59 . 2009-02-03 16:31 <REP> d-------- c:\documents and settings\SeLoR\workspace
2009-01-26 18:41 . 2009-01-26 18:41 268 --ah----- C:\sqmdata11.sqm
2009-01-26 18:41 . 2009-01-26 18:41 244 --ah----- C:\sqmnoopt11.sqm
2009-01-26 11:23 . 2008-12-27 16:16 100,808 --a------ C:\IMG_1459.JPG
2009-01-25 23:17 . 2009-01-25 23:17 268 --ah----- C:\sqmdata10.sqm
2009-01-25 23:17 . 2009-01-25 23:17 244 --ah----- C:\sqmnoopt10.sqm
2009-01-25 15:45 . 2009-01-25 15:45 268 --ah----- C:\sqmdata09.sqm
2009-01-25 15:45 . 2009-01-25 15:45 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 00:00 . 2009-01-19 00:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 00:00 . 2009-01-19 00:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-15 22:09 . 2009-01-15 22:09 268 --ah----- C:\sqmdata07.sqm
2009-01-15 22:09 . 2009-01-15 22:09 244 --ah----- C:\sqmnoopt07.sqm
2009-01-15 21:44 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-15 21:44 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-15 17:46 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-15 17:46 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\program files\iTunes
2009-01-15 17:45 . 2009-01-15 17:45 <REP> d-------- c:\program files\iPod
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 17:42 . 2009-01-15 17:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-15 17:42 . 2009-01-15 17:42 <REP> d-------- c:\program files\Apple Software Update
2009-01-15 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-15 17:41 . 2009-01-15 17:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-15 16:54 . 2009-02-10 18:41 3,911,448 --a------ c:\windows\setupapi.log.22.old
2009-01-14 22:45 . 2009-01-14 22:45 268 --ah----- C:\sqmdata06.sqm
2009-01-14 22:45 . 2009-01-14 22:45 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 23:10 . 2009-01-11 23:10 268 --ah----- C:\sqmdata05.sqm
2009-01-11 23:10 . 2009-01-11 23:10 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 17:59 --------- d-----w c:\documents and settings\SeLoR\Application Data\Skype
2009-02-11 17:56 --------- d-----w c:\program files\SuperCopier2
2009-02-11 10:06 --------- d-----w c:\program files\LogMeIn
2009-02-10 09:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:13 --------- d-----w c:\program files\Reallusion
2009-02-04 14:07 --------- d-----w c:\documents and settings\SeLoR\Application Data\Gesloc
2009-02-03 16:37 --------- d-----w c:\program files\Java
2009-01-15 20:45 --------- d-----w c:\documents and settings\SeLoR\Application Data\Apple Computer
2009-01-15 16:45 --------- d-----w c:\program files\Bonjour
2009-01-15 16:44 --------- d-----w c:\program files\QuickTime
2009-01-14 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-09 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Reallusion
2009-01-08 22:56 --------- d-----w c:\program files\Fichiers communs\Reallusion
2009-01-08 15:51 --------- d-----w c:\documents and settings\SeLoR\Application Data\Reallusion
2009-01-08 15:23 --------- d-----w c:\documents and settings\SeLoR\Application Data\InstallShield
2009-01-02 17:44 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-18 14:16 --------- d-----w c:\program files\trucparticleIllusion 3.0
2008-12-18 08:41 --------- d-----w c:\program files\nLite
2008-12-18 08:26 --------- d-----w c:\program files\Windows Updates Downloader
2008-12-18 08:17 --------- d-----w c:\program files\My Drivers
2008-12-16 21:46 --------- d-----w c:\program files\LogMeIn Ignition
2008-12-13 19:12 --------- d-----w c:\program files\FlashFXP
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-05 12:56 12 ----a-w c:\documents and settings\SeLoR\TV.dat
2007-11-22 17:11 12 ----a-w c:\documents and settings\SeLoR\recsche.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-06_11.13.29.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w c:\windows\AppPatch\acadproc.dll
- 2004-08-05 12:00:00 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 ----a-w c:\windows\inf\unregmp2.exe
- 2002-12-13 12:42:56 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w c:\windows\system32\asferror.dll
+ 2006-10-18 20:47:08 276,992 ------w c:\windows\system32\audiodev.dll
- 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2002-12-13 12:42:56 8,192 -c--a-w c:\windows\system32\dllcache\asferror.dll
+ 2006-11-03 08:56:54 7,680 -c--a-w c:\windows\system32\dllcache\asferror.dll
- 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
- 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
- 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
- 2008-06-10 04:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-05 12:00:00 310,272 -c--a-w c:\windows\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP43DMOD.dll
- 2004-08-05 12:00:00 384,512 -c--a-w c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP4SDMOD.dll
- 2004-08-05 12:00:00 240,640 -c--a-w c:\windows\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MPG4DMOD.dll
- 2004-08-05 12:00:00 368,640 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2006-11-03 08:57:06 244,224 -c--a-w c:\windows\system32\dllcache\mpvis.dll
- 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
- 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
- 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
- 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w c:\windows\system32\dllcache\qasf.dll
- 2004-08-05 12:00:00 778,240 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:28 1,680,384 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
- 2004-08-05 12:00:00 208,896 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-25 08:28:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
- 2004-08-05 12:00:00 200,704 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2006-11-03 08:58:42 272,384 -c--a-w c:\windows\system32\dllcache\wmerror.dll
- 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
- 2008-06-10 05:28:36 1,028,096 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2007-04-30 01:22:16 4,734,976 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2004-08-05 12:00:00 114,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
- 2004-08-05 12:00:00 98,304 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2006-11-03 08:58:48 96,256 -c--a-w c:\windows\system32\dllcache\wmpband.dll
- 2004-08-05 12:00:00 233,472 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
- 2004-08-05 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-11-03 08:59:00 64,000 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
- 2004-08-05 12:00:00 2,985,984 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 -c--a-w c:\windows\system32\dllcache\wmploc.dll
- 2004-08-05 12:00:00 102,400 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
- 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2008-06-10 06:07:24 2,376,760 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
- 2007-02-27 14:18:30 40,000 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2006-11-22 13:30:31 14,848 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-11-25 21:30:37 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2007-03-01 09:34:36 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2006-10-18 20:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-18 19:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2008-06-10 04:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2004-08-05 12:00:00 310,272 ----a-w c:\windows\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2004-08-05 12:00:00 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2004-08-05 12:00:00 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 14:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
+ 2006-10-18 20:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
+ 2006-10-18 20:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
- 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
+ 2006-10-18 20:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-18 20:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
- 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
- 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
- 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-25 08:28:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
+ 2006-10-18 20:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2006-10-18 20:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
- 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2006-10-18 20:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
- 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
+ 2006-10-18 20:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2004-08-05 12:00:00 200,704 ----a-w c:\windows\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w c:\windows\system32\wmerror.dll
- 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2008-06-10 05:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2007-04-30 01:22:16 4,734,976 ----a-w c:\windows\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
- 2004-08-05 12:00:00 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2004-08-05 12:00:00 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2006-10-18 20:47:20 1,661,440 ------w c:\windows\system32\wmpencen.dll
- 2004-08-05 12:00:00 2,985,984 ----a-w c:\windows\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2004-08-05 12:00:00 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-18 20:47:20 204,288 ------w c:\windows\system32\wmpsrcwp.dll
- 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
- 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
- 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
- 2008-06-10 06:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
- 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2006-10-18 20:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
- 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
- 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:12 44,032 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
- 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-10-18 20:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
+ 2009-02-11 17:56:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2009-02-11 17:57:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c0c.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TwonkyMedia\\twonkymediaserver.exe"=
"c:\\Program Files\\TwonkyMedia\\twonkymedia.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr
uInternet Settings,ProxyServer = 192.168.201.253:3128
uInternet Settings,ProxyOverride = <local> 127.0.0.1
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.ftp - 192.168.201.253
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.201.253
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.201.253
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.201.253
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 18:57:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\LMIinit.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-02-11 19:04:15 - La machine a redémarré [SeLoR]
ComboFix-quarantined-files.txt 2009-02-11 18:04:12
ComboFix2.txt 2009-02-10 00:07:31
ComboFix3.txt 2009-02-06 10:14:54

Avant-CF: 9,392,218,112 octets libres
Après-CF: 9,413,435,392 octets libres

574 --- E O F --- 2009-02-11 02:01:09

New Hijackthis ds la foulee  

Logfile of HijackThis v1.99.1
Scan saved at 19:06:51, on 11/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Function Key Controller\FKC.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mobile Net Switch\MNS.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SeLoR\Bureau\hijackthis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.201.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

encore des truc qui trainent ?

Y a til encore des trucs qui trainent ??
merci je suis patient mais j'aimerais en finir avec les bebettes de cet ordi   

Euh la patience, tu connais ?  

  selor,

Oui je suis un peu long, je m'excuse pour ces délais bien trop longs, normalement je réponds au moins une fois par jour, mais depuis quelques temps j'ai d'autres projets liés à la sécurité informatique et donc je ne désinfecte plus, car plus le temps. J'ai juste repris quelques sujets d'AngelDark durant son absence, sujets que je n'avais pas l'intention de prendre initialement.

Merci pour ta compréhension.

On finit  

C'est toi qui a installé ce proxy ? Cela te dit-il quelque chose ?

uInternet Settings,ProxyServer = 192.168.201.253:3128

1) Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

2) ~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/partner/default/kavweb...

Clique sur Accept

Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.

clique une nouvelle fois sur "Accept"

Les bases de mises à jour vont s'installer, patiente un moment

Clique sur Next.

Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera. Et poste-moi le rapport que tu obtiens.

Comment va le PC ? Toujours des problèmes ?

 

Euh vi mais je postais pour faire remonter le post je pensais que vous maviez oubliez  
Mais je pense que je le suis vivi