Unable to launch an antivirus

Last reply: in Security and viruses
6 December 2008 20:15:07

Hello,
A month or two ago I picked up a fine collection of spyware, adware and worms of all kinds, which I have since got rid of. At least, that's what I thought. Recently I noticed that it was impossible for me to launch an antivirus. I tried Avast!, Spyware Doc., Kaspersky, nothing works! Before the "attack" I could launch Avast! and Spyware Doc. (I tried Kaspersky during the attack period), but as soon as I had them I couldn't do anything any more, so I destroyed the squatters one by one. However, since then I get pop-up windows opening regularly, and I still can't launch an antivirus ><.
I figured I should call on people who know about this, which is the reason for my post.
There you go.
Regards, Eltik


6 December 2008 22:07:51

Good evening


Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, software like Ad-Block, NoScript etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post me only the DDS.txt.
    6 December 2008 23:44:43

    Good evening,

    Here is the report as requested:


    DDS (Version 1.0) - NTFSx86
    Run by eltik at 23:43:05,83 on 06/12/2008
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2031.970 [GMT 1:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    D:\Avast\aswUpdSv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
    C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Lenovo\file32\hotkey.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    D:\PowerISO\PWRISOVM.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\Avast\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Valve\Steam\Steam.exe
    D:\Nokia\Nokia PC Suite 6\PcSync2.exe
    D:\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ManyCam 2.2\ManyCam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Lenovo\MultiRecover\multitray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\uTorrent\uTorrent.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\eltik\Downloads\dds(3).scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - d:\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A34FA88D-8437-4634-8A60-E913011EF2E5} - c:\users\eltik\appdata\roaming\sp2\qaccess.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Steam] d:\valve\steam\Steam.exe -silent
    uRun: [Nokia.PCSync] "d:\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
    uRun: [PC Suite Tray] "d:\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" /WinStart
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ManyCam] "c:\program files\manycam 2.2\ManyCam.exe"
    uRun: [<NO NAME>] c:\users\eltik\appdata\roaming\adobe\Player.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    uRun: [\YURAEB5.exe] c:\windows\system32\YURAEB5.exe
    uRun: [\YURAEC5.exe] c:\windows\system32\YURAEC5.exe
    uRun: [\YURB856.exe] c:\windows\system32\YURB856.exe
    uRun: [\YURBAC6.exe] c:\windows\system32\YURBAC6.exe
    uRun: [Smart Antivirus-2009.exe] c:\program files\smart antivirus 2009\Smart Antivirus-2009.exe
    uRun: [\YUR9C7D.exe] c:\windows\system32\YUR9C7D.exe
    uRun: [\YUR9C9C.exe] c:\windows\system32\YUR9C9C.exe
    uRun: [\YUR9CBB.exe] c:\windows\system32\YUR9CBB.exe
    uRun: [\YUR9F0C.exe] c:\windows\system32\YUR9F0C.exe
    uRun: [\YUR816E.exe] c:\windows\system32\YUR816E.exe
    uRun: [\YUR83FD.exe] c:\windows\system32\YUR83FD.exe
    uRun: [\YUR8342.exe] c:\windows\system32\YUR8342.exe
    uRun: [\YUR85F1.exe] c:\windows\system32\YUR85F1.exe
    uRun: [\YUR8786.exe] c:\windows\system32\YUR8786.exe
    uRun: [\YUR87B5.exe] c:\windows\system32\YUR87B5.exe
    uRun: [\YUR87A5.exe] c:\windows\system32\YUR87A5.exe
    uRun: [\YUR9471.exe] c:\windows\system32\YUR9471.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MSServer] rundll32.exe c:\users\eltik\appdata\local\temp\hggdAtUM.dll,#1
    uRun: [MSSMSGS] rundll32.exe wincnw32.rom,LNsRun
    uRun: [Proccamp] "c:\programdata\sixth ace ace.ap6cmx"
    uRun: [vc log bows face] "c:\programdata\Program Else Help.cbca86x"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Unattend0000000001{81DFCC53-D582-412B-90C8-88DD893CA332}] c:\windows\test.bat
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
    mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
    mRun: [IMSCMig] e:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
    mRun: [ISUSPM] "e:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [ModeSwitch] "c:\program files\lenovo\powerdial\LitModeSwitch.exe" /AutoRun
    mRun: [WPCUMI] e:\windows\system32\WpcUmi.exe
    mRun: [multitray] c:\program files\lenovo\multirecover\loadtray.exe
    mRun: [NBKeyScan] "d:\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [PWRISOVM.EXE] d:\poweriso\PWRISOVM.EXE
    mRun: [\YURE570.exe] c:\windows\system32\YURE570.exe
    mRun: [\YURE61B.exe] c:\windows\system32\YURE61B.exe
    mRun: [\YURE994.exe] c:\windows\system32\YURE994.exe
    mRun: [\YUREB59.exe] c:\windows\system32\YUREB59.exe
    mRun: [AVP] "d:\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "d:\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [avast!] d:\avast\ashDisp.exe
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Notify: klogon - c:\windows\system32\klogon.dll
    Notify: winoyb32 - winoyb32.dll
    AppInit_DLLs: d:\kasper~1\kasper~1\mzvkbd.dll,d:\kasper~1\kasper~1\mzvkbd3.dll

    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
    R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2007-9-17 24856]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-6 111184]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-6 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-6 51792]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe" [2008-1-16 30312]
    R2 DQLWinService;DQLWinService;"c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe" [2007-2-12 208896]
    R2 NMSCore;Intel(R) NMSCore;"c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe" [2007-6-27 317656]
    R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
    R2 OKAV Agent Service;OKAV Agent Service;c:\program files\trend micro\okavagent\OKAVAgent.exe [2007-6-28 66824]
    R2 QualityManager;Intel(R) Quality Manager;"c:\program files\intel\inteldh\intel media server\media server\bin\qualitymanager.exe" [2007-6-27 272600]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2008-2-12 347648]
    R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-9-17 5632]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2007-9-17 16912]
    S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
    S3 LitModeCtrl;LitModeCtrl;"c:\program files\lenovo\powerdial\LitModeCtrl.exe" [2007-9-17 92048]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -sMSSMLBIZ [2008-2-26 29183504]

    =============== Created Last 30 ================

    2008-12-06 18:46 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
    2008-12-03 19:37 <DIR> --d----- c:\program files\directx
    2008-12-03 13:12 7,165 a------- C:\wmcodec_update.exe
    2008-12-03 13:11 7,142 a------- C:\update.exe
    2008-11-26 12:53 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2008-11-26 12:53 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
    2008-11-26 12:53 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
    2008-11-26 12:53 712,192 a------- c:\windows\system32\WindowsCodecs.dll
    2008-11-26 12:53 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
    2008-11-26 12:53 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
    2008-11-26 12:53 1,645,568 a------- c:\windows\system32\connect.dll
    2008-11-13 18:18 1,524,736 a------- c:\windows\system32\wucltux.dll
    2008-11-13 18:18 83,456 a------- c:\windows\system32\wudriver.dll
    2008-11-13 18:18 162,064 a------- c:\windows\system32\wuwebv.dll
    2008-11-13 18:18 31,232 a------- c:\windows\system32\wuapp.exe
    2008-11-12 16:12 1,341,440 a------- c:\windows\system32\msxml6.dll
    2008-11-12 16:12 2,048 a------- c:\windows\system32\msxml6r.dll
    2008-11-12 16:12 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2008-11-12 16:12 1,194,496 a------- c:\windows\system32\msxml3.dll
    2008-11-12 16:12 2,048 a------- c:\windows\system32\msxml3r.dll
    2008-11-09 23:28 410,976 a------- c:\windows\system32\deploytk.dll
    2008-11-08 17:09 <DIR> --d----- c:\programdata\Adobe

    ==================== Find3M ====================

    2008-12-06 19:49 745,080 a------- c:\windows\system32\perfh00C.dat
    2008-12-06 19:49 140,208 a------- c:\windows\system32\perfc00C.dat
    2008-12-06 19:43 86,016 a------- c:\windows\inf\infstrng.dat
    2008-12-06 19:43 51,200 a------- c:\windows\inf\infpub.dat
    2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2008-12-06 18:47 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2008-12-03 13:13 7,306 a------- C:\error_fix.exe
    2008-12-03 13:12 15,618 a------- C:\directx.exe
    2008-10-22 21:23 32,256 a------- c:\windows\system32\winoyb32.dll
    2008-10-14 20:59 96,559 a------- c:\windows\system32\drivers\klin.dat
    2008-10-14 20:59 87,855 a------- c:\windows\system32\drivers\klick.dat
    2008-10-14 20:59 86,016 a------- c:\windows\inf\infstor.dat
    2008-10-13 19:41 3,962 a------- c:\windows\system32\tmp.reg
    2008-10-13 19:41 691 a------- c:\users\eltik\appdata\roaming\GetValue.vbs
    2008-10-13 19:41 35 a------- c:\users\eltik\appdata\roaming\SetValue.bat
    2008-10-08 11:08 94,208 a------- c:\windows\edgk.exe
    2008-10-02 04:49 826,368 a------- c:\windows\system32\wininet.dll
    2008-10-02 04:49 56,320 a------- c:\windows\system32\iesetup.dll
    2008-10-02 04:49 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2008-10-02 04:48 26,624 a------- c:\windows\system32\ieUnatt.exe
    2008-10-01 14:51 87,552 a------- c:\windows\system32\VACFix.exe
    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
    2008-09-26 21:02 131 a------- C:\inactif.dat
    2008-09-19 11:26 82,944 a------- c:\windows\system32\o4Patch.exe
    2008-09-19 11:26 82,944 a------- c:\windows\system32\IEDFix.C.exe
    2008-09-18 05:27 3,506,744 a------- c:\windows\system32\ntkrnlpa.exe
    2008-09-18 05:27 3,472,952 a------- c:\windows\system32\ntoskrnl.exe
    2008-09-18 03:03 2,027,520 a------- c:\windows\system32\win32k.sys
    2008-09-18 01:41 42,320 a------- c:\windows\system32\xfcodec.dll
    2008-09-08 22:38 88,576 a------- c:\windows\system32\AntiXPVSTFix.exe
    2008-07-10 12:28 174 a--sh--- c:\program files\desktop.ini
    2008-06-20 21:40 56 a---h--- c:\programdata\ezsidmv.dat
    2008-06-20 21:40 56 a---h--- c:\progra~2\ezsidmv.dat
    2008-06-14 08:55 665,600 a------- c:\windows\inf\drvindex.dat
    2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
    2006-11-02 16:45 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
    2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
    2006-11-02 16:45 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

    ============= FINISH: 23:43:31,61 ===============
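Triaging a DDS "Pseudo HJT Report" like the one above by the shape of its entries rather than by product name, as an added example (not from the thread and not part of DDS): the script parses Run and Winlogon Notify lines and flags the patterns visible in the posted log (backslash-prefixed value names, rundll32 loading a module from a temp directory or by bare name, non-executable extensions, a Notify DLL given without a path). The excerpt is constructed from lines of the posted report; the rules and their wording are my own.

```python
import re

# Constructed excerpt in the format of the DDS "Pseudo HJT Report" posted in
# this thread (lines copied from the posted log); the analysis rules are mine.
SAMPLE_REPORT = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>] c:\users\eltik\appdata\roaming\adobe\Player.exe
uRun: [\YURAEB5.exe] c:\windows\system32\YURAEB5.exe
uRun: [MSServer] rundll32.exe c:\users\eltik\appdata\local\temp\hggdAtUM.dll,#1
uRun: [MSSMSGS] rundll32.exe wincnw32.rom,LNsRun
uRun: [Proccamp] "c:\programdata\sixth ace ace.ap6cmx"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast!] d:\avast\ashDisp.exe
Notify: klogon - c:\windows\system32\klogon.dll
Notify: winoyb32 - winoyb32.dll
"""

RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.+)$")

# Extensions a startup entry is normally expected to load.
EXEC_EXTS = {".exe", ".dll", ".bat", ".cmd", ".com", ".scr"}


def ext_of(path):
    """Lower-cased extension of the last path component ('' if none)."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return ("." + base.rsplit(".", 1)[1]).lower() if "." in base else ""


def split_head(cmd):
    """Split a command line into its first path-like token and the remainder.
    A leading double-quoted path is taken whole; an unquoted path containing
    spaces is grown token by token until it ends in a known extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    tokens = cmd.split(" ")
    for i in range(len(tokens)):
        cand = " ".join(tokens[: i + 1])
        if ext_of(cand) in EXEC_EXTS:
            return cand, " ".join(tokens[i + 1:]).strip()
    return tokens[0], " ".join(tokens[1:]).strip()


def loaded_module(cmd):
    """What a Run value really loads: the DLL argument for rundll32 (text before
    the comma), otherwise the first token."""
    head, rest = split_head(cmd)
    if head.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        dll, _ = split_head(rest)
        return dll.split(",", 1)[0]
    return head


def assess_run(name, cmd):
    """Heuristics for one Run value; returns the reasons it looks suspicious."""
    reasons = []
    module = loaded_module(cmd)
    low = module.lower()
    if name.startswith("\\"):
        reasons.append("value name begins with a backslash (not a product name)")
    if name == "<NO NAME>":
        reasons.append("unnamed Run value")
    if ext_of(module) not in EXEC_EXTS:
        reasons.append("loads a module with a non-executable extension %r" % ext_of(module))
    if "\\" not in module:
        reasons.append("bare module name, resolved through the search path")
    if "\\temp\\" in low:
        reasons.append("module lives in a temp directory")
    elif "\\appdata\\" in low:
        reasons.append("module lives in the user profile (AppData)")
    return reasons


def assess_notify(name, dll):
    """Heuristics for one Winlogon Notify entry."""
    reasons = []
    if "\\" not in dll:
        reasons.append("Winlogon Notify DLL given without a path")
    if ext_of(dll) != ".dll":
        reasons.append("Winlogon Notify entry does not point to a DLL")
    return reasons


def triage(report):
    """Return [(value_name, [reasons])] for every entry at least one rule fires on."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = assess_run(m.group("name"), m.group("cmd"))
        else:
            m = NOTIFY_RE.match(line)
            if not m:
                continue  # other DDS sections (BHO, TB, IE, ...) are not handled here
            reasons = assess_notify(m.group("name"), m.group("dll"))
        if reasons:
            findings.append((m.group("name"), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REPORT):
        print("[%s]" % name)
        for r in reasons:
            print("    -", r)
```

Entries that pass these rules are not thereby cleared: rules keyed on known product names or file hashes are deliberately out of scope here.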
    7 December 2008 09:25:51

    Hello
    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit "Select all", Edit "Copy"

    come back to the forum and Edit "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition letter may differ


    +++++++++++

    Download Lop S&D.exe to your desktop

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    7 December 2008 11:16:01

    Hello,

    Here is the report:

    ComboFix 08-12-06.06 - eltik 2008-12-07 11:10:21.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1212 [GMT 1:00]
    Lancé depuis: c:\users\eltik\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    C:\update.exe
    c:\users\eltik\AppData\Roaming\Adobe\crc.dat
    c:\users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Pharmacy Online.url
    c:\users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\Search Online.url
    c:\users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\VIP Casino.url
    c:\users\eltik\AppData\Roaming\sp2\qaccess.dll
    c:\users\eltik\FAVORI~1\Cheap Pharmacy Online.url
    c:\users\eltik\FAVORI~1\Search Online.url
    c:\users\eltik\FAVORI~1\VIP Casino.url
    c:\users\eltik\Favorites\Cheap Pharmacy Online.url
    c:\users\eltik\Favorites\Search Online.url
    c:\users\eltik\Favorites\VIP Casino.url
    c:\windows\edgk.exe
    c:\windows\system32\c.ico
    c:\windows\system32\m.ico
    c:\windows\system32\s.ico
    C:\x

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://91.203.93.6
    hxxp://78.157.143.163
    hxxp://78.157.143.198
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-06 18:46 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2008-12-03 19:37 . 2008-12-03 19:37 <REP> d-------- c:\program files\directx
    2008-12-03 13:12 . 2008-12-03 13:12 7,165 --a------ C:\wmcodec_update.exe
    2008-11-26 12:53 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 12:53 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 12:53 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 12:53 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 12:53 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 12:53 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 12:53 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-20 21:49 . 2008-11-20 21:49 <REP> d-------- c:\users\eltik\AppData\Roaming\dvdcss
    2008-11-18 17:45 . 2008-11-18 17:47 <REP> d-------- c:\users\eltik\AppData\Roaming\SecondLife
    2008-11-13 18:18 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-13 18:18 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-13 18:18 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-13 18:18 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-13 18:18 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-13 18:18 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-13 18:18 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-13 18:18 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-13 18:18 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-12 16:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 16:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 16:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 16:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
    2008-11-12 16:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
    2008-11-10 11:36 . 2008-11-10 11:36 <REP> d-------- c:\users\Invité\AppData\Roaming\Google
    2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Macromedia
    2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Adobe
    2008-11-10 11:03 . 2008-11-10 11:03 <REP> d-------- c:\users\Invité\AppData\Roaming\Mozilla
    2008-11-10 10:32 . 2008-11-10 10:32 <REP> d-------- c:\users\Invité\AppData\Roaming\ATI
    2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\Nero
    2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\GTek
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
    2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
    2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
    2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
    2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
    2008-11-10 10:30 . 2008-11-11 13:21 <REP> dr------- c:\users\Invité\Desktop
    2008-11-10 10:30 . 2008-11-11 13:21 <REP> dr------- c:\users\Invité\Desktop
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
    2008-11-10 10:30 . 2008-11-10 13:01 <REP> d---s---- c:\users\Invité\AppData\Roaming\Microsoft
    2008-11-10 10:30 . 2006-11-02 13:37 <REP> d-------- c:\users\Invité\AppData\Roaming\Media Center Programs
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité\AppData\Roaming\Identities
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité
    2008-11-10 10:30 . 2008-12-07 11:10 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
    2008-11-10 10:30 . 2008-12-07 11:10 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
    2008-11-09 23:28 . 2008-11-09 23:28 <REP> d-------- c:\program files\Java
    2008-11-09 23:28 . 2008-11-09 23:28 410,976 --a------ c:\windows\System32\deploytk.dll
    2008-11-08 17:09 . 2008-11-08 17:09 <REP> d-------- c:\users\All Users\Adobe
    2008-11-08 17:09 . 2008-11-08 17:09 <REP> d-------- c:\program files\Common Files\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-07 10:12 --------- d-----w c:\users\eltik\AppData\Roaming\sp2
    2008-12-07 10:10 786,432 --sha-w c:\users\Invité\NTUSER.DAT
    2008-12-07 10:10 786,432 --sha-w c:\users\Invité\NTUSER.DAT
    2008-12-07 10:10 --------- d-----w c:\users\eltik\AppData\Roaming\uTorrent
    2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-06 22:58 32 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-12-06 16:40 --------- d-----w c:\users\eltik\AppData\Roaming\LimeWire
    2008-12-06 15:52 --------- d-----w c:\users\eltik\AppData\Roaming\Hamachi
    2008-12-03 12:13 7,306 ----a-w C:\error_fix.exe
    2008-12-03 12:12 15,618 ----a-w C:\directx.exe
    2008-11-22 10:42 --------- d-----w c:\programdata\Microsoft Help
    2008-11-20 17:06 --------- d-----w c:\programdata\Road axis poke
    2008-11-20 17:06 --------- d-----w c:\programdata\Memo Drive Vc Log
    2008-11-10 12:01 --------- d-s---w c:\users\Invité\AppData\Roaming\Microsoft
    2008-11-10 10:36 --------- d-----w c:\users\Invité\AppData\Roaming\Google
    2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Macromedia
    2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Adobe
    2008-11-10 10:03 --------- d-----w c:\users\Invité\AppData\Roaming\Mozilla
    2008-11-10 09:32 --------- d-----w c:\users\Invité\AppData\Roaming\ATI
    2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\Nero
    2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\GTek
    2008-11-10 09:30 --------- d-----w c:\users\Invité\AppData\Roaming\Identities
    2008-11-03 19:56 --------- d-----w c:\program files\MSN Messenger
    2008-10-31 21:11 --------- d-----w c:\program files\Windows Live Safety Center
    2008-10-25 20:37 --------- d-----w c:\users\eltik\AppData\Roaming\fltk.org
    2008-10-22 20:23 32,256 ----a-w c:\windows\System32\winoyb32.dll
    2008-10-22 15:48 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-16 16:21 --------- d-----w c:\program files\Windows Mail
    2008-10-14 19:59 96,559 ----a-w c:\windows\system32\drivers\klin.dat
    2008-10-14 19:59 87,855 ----a-w c:\windows\system32\drivers\klick.dat
    2008-10-14 19:59 --------- d-----w c:\programdata\Kaspersky Lab
    2008-10-13 19:31 --------- d---a-w c:\programdata\TEMP
    2008-10-13 19:19 --------- d-----w c:\programdata\nqxwfqnu
    2008-10-13 18:41 691 ----a-w c:\users\eltik\AppData\Roaming\GetValue.vbs
    2008-10-13 18:41 35 ----a-w c:\users\eltik\AppData\Roaming\SetValue.bat
    2008-10-13 18:41 3,962 ----a-w c:\windows\System32\tmp.reg
    2008-10-11 10:29 --------- d-----w c:\programdata\fkbcjopo
    2008-10-10 19:18 --------- d-----w c:\programdata\knqrmxux
    2008-10-10 19:18 --------- d-----w c:\programdata\EnAplAdm
    2008-10-08 13:34 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
    2008-10-08 12:50 --------- d-----w c:\program files\Trend Micro
    2008-10-08 12:49 --------- d-----w c:\programdata\Trend Micro
    2008-10-08 12:38 --------- d-----w c:\programdata\Skype
    2008-10-08 10:53 --------- d-----w c:\users\eltik\AppData\Roaming\skypePM
    2008-10-07 20:29 --------- d-----w c:\users\eltik\AppData\Roaming\Xfire
    2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
    2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
    2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
    2008-10-01 13:51 87,552 ----a-w c:\windows\System32\VACFix.exe
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-26 20:02 131 ----a-w C:\inactif.dat
    2008-09-19 10:26 82,944 ----a-w c:\windows\System32\o4Patch.exe
    2008-09-19 10:26 82,944 ----a-w c:\windows\System32\IEDFix.C.exe
    2008-09-18 04:27 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 04:27 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
    2008-09-18 00:41 42,320 ----a-w c:\windows\System32\xfcodec.dll
    2008-09-08 21:38 88,576 ----a-w c:\windows\System32\AntiXPVSTFix.exe
    2008-07-10 11:28 174 --sha-w c:\program files\desktop.ini
    2008-06-20 20:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-06-20 20:40 56 ---ha-w c:\programdata\ezsidmv.dat
    2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Proccamp"="c:\programdata\sixth ace ace.ap6cmx" [X]
    "vc log bows face"="c:\programdata\Program Else Help.cbca86x" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]
    "Steam"="d:\valve\Steam\Steam.exe" [2008-10-08 1410296]
    "Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
    "PC Suite Tray"="d:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-07-16 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]
    "ManyCam"="c:\program files\ManyCam 2.2\ManyCam.exe" [2008-02-06 1676584]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "MSSMSGS"="wincnw32.rom" [2008-10-22 c:\windows\System32\wincnw32.rom]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2006-09-01 74240]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
    "NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
    "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
    "ModeSwitch"="c:\program files\Lenovo\PowerDial\LitModeSwitch.exe" [2007-08-02 177448]
    "multitray"="c:\program files\Lenovo\MultiRecover\loadtray.exe" [2007-06-29 31248]
    "NBKeyScan"="d:\nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2008-01-20 217088]
    "AVP"="d:\kaspersky lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
    "Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
    "avast!"="d:\avast\ashDisp.exe" [2008-11-26 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winoyb32]
    2008-10-22 21:23 32256 c:\windows\System32\winoyb32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\kasper~1\KASPER~1\mzvkbd.dll,d:\kasper~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.clmp3enc"= c:\progra~1\Lenovo\Power2Go\CLMP3Enc.ACM
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"="0x00000000"
    "UpdatesDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{37457D7B-3350-448F-9020-348980987E97}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{E573EE08-9503-4A61-AE5B-F3C89B676912}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{5575526A-269F-431D-85D6-E7856C6859B5}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{5E23C099-8421-4BFA-96A8-E33914F29D4F}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{8FDC97F2-90AC-42F1-90B8-E39BEC92F7EF}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{C1124595-7130-4B4A-AD57-13C288BBF871}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{1B3A029E-856C-4079-B255-85671FA87733}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{1EDC68F0-7594-4FC1-95B5-6D9EBCC3BC99}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{1D6B3DED-ED57-420F-B431-CA07894E189F}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "{917B0640-4632-4D14-B9A1-6DDF763DA63B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{128083F9-8A38-4B3A-93D9-234A4A1A94D2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{1FDB25BE-9F02-419E-BB62-44F257596BF7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{FC1CB830-BEA5-4979-8B13-AECBB63D9786}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{9814F4CA-F130-4122-B906-9B56AB97647E}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{891E7274-55EB-4224-BC7D-FC80A68B1DC9}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= UDP:d:\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
    "UDP Query User{48C9F76D-69E2-4792-99C3-937BC9CB6E98}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= TCP:d:\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
    "TCP Query User{82647698-7949-42CC-9181-8145AAB93B2E}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= UDP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
    "UDP Query User{5A1805DC-53AB-4D4D-8D3D-6147BB441683}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= TCP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
    "{DA88018F-971B-4AD0-A19E-FB8F10D35709}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
    "{C69DF4DD-D37D-494C-A2C9-8F3391D7C4E7}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
    "{24CF0A63-EBF8-4CFD-AEDE-13A022380B70}"= UDP:d:\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{26D39BEB-DD6C-416F-A238-06A4751E4B2F}"= TCP:d:\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{DC0FD998-7D5C-4ECE-B757-366CD9BB95FE}"= UDP:d:\autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{4E106723-5479-47DC-B671-3F8430C015DB}"= TCP:d:\autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{B142EDB3-4711-4B8F-82C8-2449CDEB4D7A}"= UDP:d:\autodesk\Backburner\server.exe:backburner 2.3 server
    "{626CF41D-8BF1-4063-A790-FE0A95F2756D}"= TCP:d:\autodesk\Backburner\server.exe:backburner 2.3 server
    "{F9BE9874-B4C3-46CB-B9B3-63557F1BD31E}"= UDP:d:\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
    "{411188A5-19ED-4957-B0CB-B7AB66326E22}"= TCP:d:\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
    "TCP Query User{8C56AC05-7D3E-4AB6-826E-E274485375D8}d:\\limewire\\limewire.exe"= UDP:d:\limewire\limewire.exe:LimeWire
    "UDP Query User{A8BD715C-8BA5-47F4-915A-FEABB8DDED16}d:\\limewire\\limewire.exe"= TCP:d:\limewire\limewire.exe:LimeWire
    "TCP Query User{0066FB3C-97A7-4E61-9E7D-B3E5B8D8A388}d:\\wolfenstein - enemy territory\\et.exe"= UDP:d:\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{9CB6BFFA-0163-4131-A6C2-FF739167678A}d:\\wolfenstein - enemy territory\\et.exe"= TCP:d:\wolfenstein - enemy territory\et.exe:ET
    "{31043263-0620-4106-8D3E-C6629B7C14ED}"= d:\electronic arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
    "{8A56D107-86BE-433F-A3BF-26203F0973F9}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
    "TCP Query User{8DE1D62E-B1B4-4050-BB14-D1F3D59FF5F1}d:\\ut2004\\system\\ut2004.exe"= UDP:d:\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{EC062E63-1AD7-4FA1-8C20-3086AFAF3BF4}d:\\ut2004\\system\\ut2004.exe"= TCP:d:\ut2004\system\ut2004.exe:UT2004
    "{C6B240B6-B3D8-4398-A81D-F8B6FCE895F5}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3 : La Fureur de Kane
    "TCP Query User{C3A99262-A572-4EE8-8CAE-36213A7AB67C}d:\\program files\\xfire\\xfire.exe"= UDP:d:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{889F03ED-F5F6-4DAB-91E9-D619C39FFA32}d:\\program files\\xfire\\xfire.exe"= TCP:d:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{328F4174-07B3-47F4-81B5-62ECF31CAA87}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= UDP:d:\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
    "UDP Query User{AD71AC15-52DD-443F-B889-2477ACDB19FB}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= TCP:d:\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
    "TCP Query User{F424173F-6ABD-4E66-9740-74CC77B44F5F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= UDP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{FA03ED9F-EAA8-41DD-853F-3A1C03EF7A4F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= TCP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
    "{054FA35B-D73F-41B4-A6D2-3000438E3B7E}"= UDP:d:\utorrent\uTorrent.exe:µTorrent (TCP-In)
    "{D4100674-B1CC-4946-BE48-FA9C98903A07}"= TCP:d:\utorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{BAF73FB6-2BA2-4F15-9B53-3BCD8B71386B}d:\\nexuiz\\nexuiz.exe"= UDP:d:\nexuiz\nexuiz.exe:Nexuiz
    "UDP Query User{7CAD80C2-C487-4E10-8F7B-35D37258DFEC}d:\\nexuiz\\nexuiz.exe"= TCP:d:\nexuiz\nexuiz.exe:Nexuiz
    "{417B45F9-EB03-412A-8391-CE6D1BA770E9}"= UDP:d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
    "{54FF94EC-CF84-4C66-B5E9-93B24AACA7B9}"= TCP:d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
    "TCP Query User{E33E88C0-E010-402E-A8F0-441AB33F2B2D}d:\\unreal gold\\system\\unreal.exe"= UDP:d:\unreal gold\system\unreal.exe:Unreal
    "UDP Query User{78F54BCE-0832-4457-ABEF-3598E72B15B4}d:\\unreal gold\\system\\unreal.exe"= TCP:d:\unreal gold\system\unreal.exe:Unreal
    "{60D37DDB-670D-4967-ADF5-AAA554F46004}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{231750EB-4067-4D8B-9C53-332ADD1B676C}d:\\secondlife\\slvoice.exe"= UDP:d:\secondlife\slvoice.exe:SLVoice
    "UDP Query User{3B1FBBC5-6FA6-4CDF-A2FE-109402C840FC}d:\\secondlife\\slvoice.exe"= TCP:d:\secondlife\slvoice.exe:SLVoice
    "{C53E70DD-F6EA-4F36-AE0F-67211547A53F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
    R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2007-09-17 24856]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-06 111184]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-06 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-06 51792]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
    R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 208896]
    R2 NMSCore;Intel(R) NMSCore;"c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 317656]
    R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
    R2 OKAV Agent Service;OKAV Agent Service;c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe [2007-06-28 66824]
    R2 QualityManager;Intel(R) Quality Manager;"c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 272600]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
    R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2008-02-12 347648]
    R3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-09-17 5632]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2007-09-17 16912]
    S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
    S3 LitModeCtrl;LitModeCtrl;"c:\program files\Lenovo\PowerDial\LitModeCtrl.exe" [2007-09-17 92048]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e958ba4-8c76-11dd-a49b-001b111523ed}]
    \shell\AutoRun\command - K:\start.exe
    \shell\iledefrance\command - K:\start.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-31 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe []

    2008-12-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-\YURAEB5.exe - c:\windows\system32\YURAEB5.exe
    HKCU-Run-\YURAEC5.exe - c:\windows\system32\YURAEC5.exe
    HKCU-Run-\YURB856.exe - c:\windows\system32\YURB856.exe
    HKCU-Run-\YURBAC6.exe - c:\windows\system32\YURBAC6.exe
    HKCU-Run-\YUR9C7D.exe - c:\windows\system32\YUR9C7D.exe
    HKCU-Run-\YUR9C9C.exe - c:\windows\system32\YUR9C9C.exe
    HKCU-Run-\YUR9CBB.exe - c:\windows\system32\YUR9CBB.exe
    HKCU-Run-\YUR9F0C.exe - c:\windows\system32\YUR9F0C.exe
    HKCU-Run-\YUR816E.exe - c:\windows\system32\YUR816E.exe
    HKCU-Run-\YUR83FD.exe - c:\windows\system32\YUR83FD.exe
    HKCU-Run-\YUR8342.exe - c:\windows\system32\YUR8342.exe
    HKCU-Run-\YUR85F1.exe - c:\windows\system32\YUR85F1.exe
    HKCU-Run-\YUR8786.exe - c:\windows\system32\YUR8786.exe
    HKCU-Run-\YUR87B5.exe - c:\windows\system32\YUR87B5.exe
    HKCU-Run-\YUR87A5.exe - c:\windows\system32\YUR87A5.exe
    HKCU-Run-\YUR9471.exe - c:\windows\system32\YUR9471.exe
    HKLM-Run-Unattend0000000001{81DFCC53-D582-412B-90C8-88DD893CA332} - c:\windows\test.bat
    HKLM-Run-IMSCMig - e:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE
    HKLM-Run-ISUSPM - e:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    HKLM-Run-WPCUMI - e:\windows\system32\WpcUmi.exe
    HKLM-Run-\YURE570.exe - c:\windows\system32\YURE570.exe
    HKLM-Run-\YURE61B.exe - c:\windows\system32\YURE61B.exe
    HKLM-Run-\YURE994.exe - c:\windows\system32\YURE994.exe
    HKLM-Run-\YUREB59.exe - c:\windows\system32\YUREB59.exe

    .
    ------- Examen supplémentaire -------
    .
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    FireFox -: Profile - c:\users\eltik\AppData\Roaming\Mozilla\Firefox\Profiles\me18f9eb.default\
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\users\eltik\Program Files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    FF -: plugin - d:\reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 11:13:08
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-07 11:14:36
    ComboFix-quarantined-files.txt 2008-12-07 10:14:33

    Avant-CF: 1 468 731 392 octets libres
    Après-CF: 4,334,981,120 octets libres

    364 --- E O F --- 2008-12-04 19:15:43

    +++++++++++++++++++++++++++++++++++++++

    Rapport de LopSD


    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : Default System BIOS
    USER : eltik ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
    D:\ (Local Disk) - NTFS - Total:250 Go (Free:111 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 07/12/2008|11:17 )

    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [08/11/2008|17:10] C:\Users\eltik\AppData\Local\Adobe
    [12/07/2008|17:44] C:\Users\eltik\AppData\Local\Ahead
    [12/02/2008|19:29] C:\Users\eltik\AppData\Local\Application Data
    [12/02/2008|19:30] C:\Users\eltik\AppData\Local\ATI
    [30/03/2008|18:06] C:\Users\eltik\AppData\Local\Autodesk
    [09/11/2008|12:38] C:\Users\eltik\AppData\Local\d3d9caps.dat
    [06/12/2008|23:54] C:\Users\eltik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [23/07/2008|15:15] C:\Users\eltik\AppData\Local\Disney
    [01/09/2008|17:20] C:\Users\eltik\AppData\Local\DNA
    [04/10/2008|15:36] C:\Users\eltik\AppData\Local\GDIPFONTCACHEV1.DAT
    [08/05/2008|23:19] C:\Users\eltik\AppData\Local\Google
    [12/02/2008|19:29] C:\Users\eltik\AppData\Local\Historique
    [06/12/2008|23:57] C:\Users\eltik\AppData\Local\IconCache.db
    [08/10/2008|13:56] C:\Users\eltik\AppData\Local\Microsoft
    [06/06/2008|22:35] C:\Users\eltik\AppData\Local\Microsoft Games
    [25/09/2008|21:14] C:\Users\eltik\AppData\Local\Microsoft Help
    [27/09/2008|11:04] C:\Users\eltik\AppData\Local\Mostick
    [15/02/2008|18:12] C:\Users\eltik\AppData\Local\Mozilla
    [29/10/2008|16:51] C:\Users\eltik\AppData\Local\Oblivion
    [15/02/2008|21:54] C:\Users\eltik\AppData\Local\Steam
    [07/12/2008|11:16] C:\Users\eltik\AppData\Local\Temp
    [12/02/2008|19:29] C:\Users\eltik\AppData\Local\Temporary Internet Files
    [18/02/2008|00:38] C:\Users\eltik\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [31/10/2008 14:59][--a------] C:\Windows\tasks\Norton Security Scan.job
    [06/12/2008 23:29][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    [07/12/2008 10:39][--ah-----] C:\Windows\tasks\SA.DAT
    [06/12/2008 23:58][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [17/09/2007|22:55] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [08/11/2008|17:09] C:\ProgramData\Adobe
    [02/11/2006|14:02] C:\ProgramData\Application Data
    [30/03/2008|18:15] C:\ProgramData\Autodesk
    [27/06/2007|03:01] C:\ProgramData\Bureau
    [02/11/2006|14:02] C:\ProgramData\Desktop
    [02/11/2006|14:02] C:\ProgramData\Documents
    [10/10/2008|20:18] C:\ProgramData\EnAplAdm
    [20/06/2008|21:40] C:\ProgramData\ezsidmv.dat
    [27/06/2007|03:01] C:\ProgramData\Favoris
    [02/11/2006|14:02] C:\ProgramData\Favorites
    [11/10/2008|11:29] C:\ProgramData\fkbcjopo
    [08/05/2008|14:46] C:\ProgramData\Google
    [12/02/2008|19:31] C:\ProgramData\Gtek
    [31/05/2008|21:42] C:\ProgramData\Installations
    [17/09/2007|23:01] C:\ProgramData\Intel
    [14/10/2008|20:59] C:\ProgramData\Kaspersky Lab
    [08/10/2008|14:34] C:\ProgramData\Kaspersky Lab Setup Files
    [10/10/2008|20:18] C:\ProgramData\knqrmxux
    [21/03/2008|22:22] C:\ProgramData\Media Center Programs
    [20/11/2008|18:06] C:\ProgramData\Memo Drive Vc Log
    [27/06/2007|03:01] C:\ProgramData\Menu Démarrer
    [21/07/2008|22:19] C:\ProgramData\Messenger Plus!
    [25/09/2008|21:15] C:\ProgramData\Microsoft
    [22/11/2008|11:42] C:\ProgramData\Microsoft Help
    [27/06/2007|03:01] C:\ProgramData\Modèles
    [12/07/2008|17:38] C:\ProgramData\Nero
    [13/10/2008|20:19] C:\ProgramData\nqxwfqnu
    [31/05/2008|21:49] C:\ProgramData\PC Suite
    [20/11/2008|18:06] C:\ProgramData\Program Else Help.cbca86x
    [20/11/2008|18:06] C:\ProgramData\Road axis poke
    [20/11/2008|18:05] C:\ProgramData\sixth ace ace.0yoyc
    [17/09/2008|11:54] C:\ProgramData\sixth ace ace.1k1ae
    [01/11/2008|19:02] C:\ProgramData\sixth ace ace.2o397
    [24/09/2008|21:08] C:\ProgramData\sixth ace ace.9h4hkey
    [20/11/2008|18:05] C:\ProgramData\sixth ace ace.ap6cmx
    [11/09/2008|17:19] C:\ProgramData\sixth ace ace.ap8ajuh
    [15/11/2008|10:55] C:\ProgramData\sixth ace ace.etuzcv
    [09/10/2008|21:04] C:\ProgramData\sixth ace ace.eyfszej
    [24/09/2008|21:08] C:\ProgramData\sixth ace ace.gksbmyr
    [09/10/2008|21:04] C:\ProgramData\sixth ace ace.honflc1
    [09/10/2008|18:14] C:\ProgramData\sixth ace ace.wssrzt
    [27/10/2008|10:27] C:\ProgramData\sixth ace ace.xwjt69
    [08/10/2008|13:38] C:\ProgramData\Skype
    [02/11/2006|14:02] C:\ProgramData\Start Menu
    [13/10/2008|20:31] C:\ProgramData\TEMP
    [02/11/2006|14:02] C:\ProgramData\Templates
    [08/10/2008|13:49] C:\ProgramData\Trend Micro
    [15/02/2008|18:09] C:\ProgramData\WLInstaller
    [03/10/2008|17:52] C:\ProgramData\Xfire

    --------------------\\ Listing des dossiers dans C:\Program Files

    [17/09/2007|22:55] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [15/02/2008|18:08] C:\Program Files\Alwil Software
    [17/09/2007|22:44] C:\Program Files\Analog Devices
    [17/09/2007|22:40] C:\Program Files\ATI
    [17/09/2007|22:42] C:\Program Files\ATI Technologies
    [13/07/2008|17:02] C:\Program Files\Autodesk
    [08/03/2008|23:35] C:\Program Files\AviSynth 2.5
    [11/09/2008|17:19] C:\Program Files\Circle Developement
    [07/12/2008|11:12] C:\Program Files\Common Files
    [17/09/2007|23:09] C:\Program Files\CyberLink
    [31/05/2008|21:45] C:\Program Files\DIFX
    [03/12/2008|19:37] C:\Program Files\directx
    [23/07/2008|15:15] C:\Program Files\Disney
    [08/03/2008|23:35] C:\Program Files\eRightSoft
    [27/06/2007|03:01] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
    [16/05/2008|18:11] C:\Program Files\Google
    [12/05/2008|14:51] C:\Program Files\Hamachi
    [30/03/2008|10:48] C:\Program Files\Infogrames
    [17/09/2008|17:36] C:\Program Files\InstallShield Installation Information
    [17/09/2007|23:01] C:\Program Files\Intel
    [16/10/2008|17:21] C:\Program Files\Internet Explorer
    [17/09/2007|23:07] C:\Program Files\InterVideo
    [09/11/2008|23:28] C:\Program Files\Java
    [17/09/2007|23:09] C:\Program Files\Lenovo
    [02/09/2008|15:10] C:\Program Files\ManyCam 2.2
    [11/09/2008|17:19] C:\Program Files\Messenger Plus! Live
    [16/07/2008|22:48] C:\Program Files\MessengerPlus! 3
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [17/09/2007|22:58] C:\Program Files\Microsoft Office
    [25/09/2008|21:12] C:\Program Files\Microsoft SDKs
    [22/10/2008|16:48] C:\Program Files\Microsoft Silverlight
    [17/09/2007|22:59] C:\Program Files\Microsoft Small Business
    [10/07/2008|08:31] C:\Program Files\Microsoft SQL Server
    [17/09/2007|22:54] C:\Program Files\Microsoft Visual Studio
    [17/09/2007|22:54] C:\Program Files\Microsoft Works
    [17/09/2007|22:57] C:\Program Files\Microsoft.NET
    [22/03/2008|14:52] C:\Program Files\Movie Maker
    [06/12/2008|21:02] C:\Program Files\Mozilla Firefox
    [02/11/2006|13:37] C:\Program Files\MSBuild
    [02/11/2006|13:37] C:\Program Files\MSN
    [03/11/2008|20:56] C:\Program Files\MSN Messenger
    [15/02/2008|20:40] C:\Program Files\MSXML 4.0
    [31/05/2008|21:45] C:\Program Files\PC Connectivity Solution
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [08/10/2008|13:50] C:\Program Files\Trend Micro
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [15/02/2008|18:06] C:\Program Files\VideoLAN
    [15/02/2008|22:36] C:\Program Files\Windows Calendar
    [02/11/2006|13:42] C:\Program Files\Windows Collaboration
    [27/06/2007|03:54] C:\Program Files\Windows Defender
    [02/11/2006|13:42] C:\Program Files\Windows Journal
    [15/02/2008|18:17] C:\Program Files\Windows Live
    [31/10/2008|22:11] C:\Program Files\Windows Live Safety Center
    [17/09/2007|23:09] C:\Program Files\Windows Live Toolbar
    [16/10/2008|17:21] C:\Program Files\Windows Mail
    [15/02/2008|22:36] C:\Program Files\Windows Media Player
    [27/06/2007|03:01] C:\Program Files\Windows NT
    [02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
    [15/02/2008|22:36] C:\Program Files\Windows Sidebar
    [08/10/2008|13:30] C:\Program Files\WinRAR

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [08/11/2008|17:09] C:\Program Files\Common Files\Adobe
    [30/03/2008|18:17] C:\Program Files\Common Files\Autodesk Shared
    [17/09/2007|22:54] C:\Program Files\Common Files\DESIGNER
    [14/03/2008|18:25] C:\Program Files\Common Files\INCA Shared
    [07/06/2008|12:45] C:\Program Files\Common Files\InstallShield
    [17/09/2007|23:01] C:\Program Files\Common Files\Intel
    [17/09/2007|23:07] C:\Program Files\Common Files\InterVideo
    [25/09/2008|21:13] C:\Program Files\Common Files\Merge Modules
    [25/09/2008|21:14] C:\Program Files\Common Files\microsoft shared
    [12/07/2008|17:40] C:\Program Files\Common Files\Nero
    [31/05/2008|21:46] C:\Program Files\Common Files\Nokia
    [31/05/2008|21:46] C:\Program Files\Common Files\PCSuite
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [15/02/2008|21:54] C:\Program Files\Common Files\Steam
    [17/09/2007|22:52] C:\Program Files\Common Files\System
    [15/02/2008|18:17] C:\Program Files\Common Files\WindowsLiveInstaller

    --------------------\\ Process

    ( 89 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\ProgramData\Memo Drive Vc Log
    C:\ProgramData\Memo Drive Vc Log\Tick Support.exe
    C:\Program Files\Circle Developement
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
    C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 11:23:08
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1253

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROGUES ..

    C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Smart Antivirus 2009

    [F:17][D:166]-> C:\Users\eltik\AppData\Local\Temp
    [F:461][D:1]-> C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:62][D:8]-> C:\Users\eltik\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:31][D:7]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 07/12/2008|13:40 - Option : [1]

    --------------------\\ Fin du rapport a 13:40:59
    [ UAC => 1 ]

    7 December 2008 22:14:58

    re

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in Safe Mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save in a text document the following information so you don't get lost.
    ---- ! Do not boot your computer into Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would crash your computer.

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show results" then "Remove selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you can't download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in Safe Mode.

    ++++++++++++++++
    8 December 2008 18:19:36

    Here is the Malwarebytes' Anti-Malware report

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1456
    Windows 6.0.6000

    08/12/2008 00:20:41
    mbam-log-2008-12-08 (00-20-41).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 259142
    Temps écoulé: 38 minute(s), 23 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\dicha (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\godzi1.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winoyb32 (Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\olnmraew.bmqr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSSMSGS (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Users\eltik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\ProgramData\nqxwfqnu\zuvinqfu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\ProgramData\Road axis poke\rwdkvyfo.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\edgk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\winoyb32.dll (Dialer) -> Quarantined and deleted successfully.
    8 December 2008 22:55:09

    good evening
    please re-post a HijackThis log
    9 December 2008 17:37:50

    Logfile of HijackThis v1.99.1
    Scan saved at 17:32:28, on 09/12/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16757)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Lenovo\file32\hotkey.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    C:\Program Files\Lenovo\MultiRecover\multitray.exe
    D:\PowerISO\PWRISOVM.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Valve\Steam\Steam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    D:\Nokia\Nokia PC Suite 6\PcSync2.exe
    D:\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ManyCam 2.2\ManyCam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\eltik\AppData\Local\Temp\Rar$EX00.276\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\program files\google\googletoolbar2user.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
    O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe" /AutoRun
    O4 - HKLM\..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Proccamp] "C:\ProgramData\sixth ace ace.ap6cmx"
    O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\Program Else Help.cbca86x"
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: D:\KASPER~1\KASPER~1\mzvkbd.dll,D:\KASPER~1\KASPER~1\mzvkbd3.dll
    O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - D:\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
    O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LitModeCtrl - Lenovo Software (Beijing) Limited - C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
    O23 - Service: OKAV Agent Service - Trend Micro Inc. - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


    http://www.hijackthis.de/fr#anl
    9 December 2008 22:22:00

    good evening
    choose one of your antivirus products, Kaspersky or Avast, it's up to you... if your Kaspersky licence is still valid, don't hesitate...


    Copy (Ctrl+C) the text below:
    File::
    c:\programdata\sixth ace ace.ap6cmx
    c:\programdata\Program Else Help.cbca86x
    c:\windows\System32\wincnw32.rom
    C:\windows\System32\winoyb32.dll
    c:\windows\Tasks\Norton Security Scan.job
    C:\Program Files\Circle Developement\Uninstall.exe
    C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
    C:\Users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt
    C:\ProgramData\Memo Drive Vc Log\Tick Support.exe

    Folder::
    c:\programdata\nqxwfqnu
    c:\programdata\fkbcjopo
    c:\programdata\knqrmxux
    c:\programdata\EnAplAdm
    c:\program files\Norton Security Scan
    C:\ProgramData\Road axis poke
    C:\ProgramData\sixth ace ace.0yoyc
    C:\ProgramData\sixth ace ace.1k1ae
    C:\ProgramData\sixth ace ace.2o397
    C:\ProgramData\sixth ace ace.9h4hkey
    C:\ProgramData\sixth ace ace.ap6cmx
    C:\ProgramData\sixth ace ace.ap8ajuh
    C:\ProgramData\sixth ace ace.etuzcv
    C:\ProgramData\sixth ace ace.eyfszej
    C:\ProgramData\sixth ace ace.gksbmyr
    C:\ProgramData\sixth ace ace.honflc1
    C:\ProgramData\sixth ace ace.wssrzt
    C:\ProgramData\sixth ace ace.xwjt69
    C:\ProgramData\Memo Drive Vc Log
    C:\Program Files\Circle Developement


    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Proccamp"=-
    "vc log bows face"=-
    "MSSMSGS"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winoyb32]



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait for the scan to finish. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is done, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
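The CFScript above is a plain-text file with `File::`, `Folder::` and `Registry::` sections; under `Registry::`, a `[KEY]` line selects a key, `"name"=-` deletes a value in it and `[-KEY]` deletes the whole key. The following Python is an added example, not part of this thread and not ComboFix or HijackThis code: it parses a CFScript in that format and cross-checks it against the O4 (Run) lines of a HijackThis log, flagging autoruns whose target is not an executable file type or is a loose file directly under ProgramData (the pattern of the two entries the helper picked out), then reports whether the script removes both the Run value and the file. The sample log lines and the shortened script are constructed from entries visible in the thread; the heuristic and all function names are this example's own.

```python
"""Added example (not part of this thread, nor of ComboFix/HijackThis):
parse a ComboFix CFScript and check it against the O4 autorun lines of a
HijackThis log.

CFScript format as used in the thread: section headers end in '::'
(File::, Folder::, Registry::); under Registry::, '[KEY]' selects a key,
'"name"=-' deletes a value in it and '[-KEY]' deletes the whole key.
"""
import re
from dataclasses import dataclass, field


@dataclass
class CFScript:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    deleted_keys: list = field(default_factory=list)     # from [-KEY]
    deleted_values: dict = field(default_factory=dict)   # KEY -> [value names]


def parse_cfscript(text: str) -> CFScript:
    script, section, current_key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                     # section header
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            script.files.append(line)
        elif section == "folder":
            script.folders.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                script.deleted_keys.append(line[2:-1])
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
                script.deleted_values.setdefault(current_key, [])
            elif line.endswith("=-") and current_key is not None:
                script.deleted_values[current_key].append(line[:-2].strip('"'))
    return script


# HijackThis O4 line: O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First token of the command: an optionally quoted path ending in an extension.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.[A-Za-z0-9]+)"?(?:\s|$)')
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".vbs")
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


def parse_o4(log: str) -> list:
    """Return (hive, name, target_path) for every O4 Run entry in the log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.match(m.group("cmd"))
        path = p.group("path") if p else m.group("cmd")
        entries.append((m.group("hive"), m.group("name"), path))
    return entries


def suspicious_o4(entries: list) -> list:
    """Heuristic (this example's own): an autorun whose target is not an
    executable file type, or is a loose file directly under ProgramData,
    deserves a look."""
    flagged = []
    for hive, name, path in entries:
        lower = path.lower()
        loose_in_programdata = re.match(r"^[a-z]:\\programdata\\[^\\]+$", lower) is not None
        if not lower.endswith(EXEC_EXT) or loose_in_programdata:
            flagged.append((hive, name, path))
    return flagged


def check_coverage(script: CFScript, flagged: list) -> dict:
    """name -> (Run value deleted by the script?, target listed under File::?)"""
    files = {f.lower() for f in script.files}
    values = {k.lower(): [v.lower() for v in vs] for k, vs in script.deleted_values.items()}
    result = {}
    for hive, name, path in flagged:
        run_key = (HIVES[hive] + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run").lower()
        result[name] = (name.lower() in values.get(run_key, []), path.lower() in files)
    return result


# Constructed sample input: a few O4 lines and a shortened CFScript taken from the thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Proccamp] "C:\ProgramData\sixth ace ace.ap6cmx"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\Program Else Help.cbca86x"
"""

SAMPLE_CFSCRIPT = r"""
File::
c:\programdata\sixth ace ace.ap6cmx
c:\programdata\Program Else Help.cbca86x
C:\windows\System32\winoyb32.dll

Folder::
c:\programdata\nqxwfqnu
C:\ProgramData\Road axis poke

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proccamp"=-
"vc log bows face"=-
"MSSMSGS"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winoyb32]
"""

if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    flagged = suspicious_o4(parse_o4(SAMPLE_HJT))
    for name, (value_ok, file_ok) in check_coverage(script, flagged).items():
        print(f"{name!r}: Run value removed={value_ok}, file listed={file_ok}")
```

Running it on the sample prints both flagged autoruns as fully covered. The file-type heuristic is deliberately narrow: it catches the random-extension loaders seen in this log but says nothing about a malicious `.exe` in a plausible folder, so it is a triage aid for reading a log, not a verdict.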

    9 December 2008 22:30:24

    Good evening,

    Here is the contents of the ComboFix report:

    ComboFix 08-12-06.06 - eltik 2008-12-09 22:25:21.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1410 [GMT 1:00]
    Lancé depuis: c:\users\eltik\Desktop\Downloads\ComboFix.exe
    Commutateurs utilisés :: c:\users\eltik\Desktop\CFScript.txt

    FILE ::
    c:\program files\Circle Developement\Uninstall.exe
    c:\programdata\Memo Drive Vc Log\Tick Support.exe
    c:\programdata\Program Else Help.cbca86x
    c:\programdata\sixth ace ace.ap6cmx
    c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt
    c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
    c:\windows\System32\wincnw32.rom
    c:\windows\System32\winoyb32.dll
    c:\windows\Tasks\Norton Security Scan.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Circle Developement
    c:\program files\Circle Developement\Uninstall.exe
    c:\programdata\EnAplAdm
    c:\programdata\EnAplAdm\vedghszi.exe
    c:\programdata\fkbcjopo
    c:\programdata\fkbcjopo\nafmpkpw.exe
    c:\programdata\knqrmxux
    c:\programdata\knqrmxux\yjmtanqt.exe
    c:\programdata\Memo Drive Vc Log
    c:\programdata\Memo Drive Vc Log\Tick Support.exe
    c:\programdata\nqxwfqnu
    c:\programdata\Program Else Help.cbca86x
    c:\programdata\Road axis poke
    c:\programdata\Road axis poke\ajzrrtlb.exe
    c:\programdata\Road axis poke\boltgrid.exe
    c:\programdata\Road axis poke\bskqsdbf.exe
    c:\programdata\Road axis poke\jhkurbsc.exe
    c:\programdata\Road axis poke\safe lite phone drive.exe
    c:\programdata\Road axis poke\swwzifgg.exe
    c:\programdata\Road axis poke\uhsncepu.exe
    c:\programdata\Road axis poke\uolgryqx.exe
    c:\programdata\Road axis poke\xjzstjrx.exe
    c:\programdata\sixth ace ace.0yoyc\
    c:\programdata\sixth ace ace.1k1ae\
    c:\programdata\sixth ace ace.2o397\
    c:\programdata\sixth ace ace.9h4hkey\
    c:\programdata\sixth ace ace.ap6cmx
    c:\programdata\sixth ace ace.ap8ajuh\
    c:\programdata\sixth ace ace.etuzcv\
    c:\programdata\sixth ace ace.eyfszej\
    c:\programdata\sixth ace ace.gksbmyr\
    c:\programdata\sixth ace ace.honflc1\
    c:\programdata\sixth ace ace.wssrzt\
    c:\programdata\sixth ace ace.xwjt69\
    c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@adopt.euroclick[2].txt
    c:\users\eltik\AppData\Roaming\MICROS~1\Windows\Cookies\eltik@advertising[1].txt
    c:\windows\System32\wincnw32.rom
    c:\windows\Tasks\Norton Security Scan.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-07 23:41 . 2008-12-07 23:41 <REP> d-------- c:\users\eltik\AppData\Roaming\Malwarebytes
    2008-12-07 23:41 . 2008-12-07 23:41 <REP> d-------- c:\users\All Users\Malwarebytes
    2008-12-07 23:41 . 2008-12-07 23:41 <REP> d-------- c:\programdata\Malwarebytes
    2008-12-07 23:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 23:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-12-07 11:16 . 2008-12-07 13:40 <REP> d-------- C:\Lop SD
    2008-12-03 19:37 . 2008-12-03 19:37 <REP> d-------- c:\program files\directx
    2008-12-03 13:12 . 2008-12-03 13:12 7,165 --a------ C:\wmcodec_update.exe
    2008-11-26 12:53 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 12:53 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 12:53 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 12:53 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 12:53 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 12:53 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 12:53 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-20 21:49 . 2008-11-20 21:49 <REP> d-------- c:\users\eltik\AppData\Roaming\dvdcss
    2008-11-18 17:45 . 2008-11-18 17:47 <REP> d-------- c:\users\eltik\AppData\Roaming\SecondLife
    2008-11-13 18:18 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-13 18:18 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-13 18:18 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-13 18:18 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-13 18:18 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-13 18:18 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-13 18:18 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-13 18:18 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-13 18:18 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-12 16:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 16:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 16:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 16:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
    2008-11-12 16:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
    2008-11-10 11:36 . 2008-11-10 11:36 <REP> d-------- c:\users\Invité\AppData\Roaming\Google
    2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Macromedia
    2008-11-10 11:05 . 2008-11-10 11:05 <REP> d-------- c:\users\Invité\AppData\Roaming\Adobe
    2008-11-10 11:03 . 2008-11-10 11:03 <REP> d-------- c:\users\Invité\AppData\Roaming\Mozilla
    2008-11-10 10:32 . 2008-11-10 10:32 <REP> d-------- c:\users\Invité\AppData\Roaming\ATI
    2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\Nero
    2008-11-10 10:31 . 2008-11-10 10:31 <REP> d-------- c:\users\Invité\AppData\Roaming\GTek
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Videos
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Searches
    2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
    2008-11-10 10:30 . 2008-12-05 14:31 <REP> dr------- c:\users\Invité\Saved Games
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Pictures
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Music
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Links
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Favorites
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Downloads
    2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
    2008-11-10 10:30 . 2008-11-10 11:04 <REP> dr------- c:\users\Invité\Documents
    2008-11-10 10:30 . 2008-12-07 15:09 <REP> dr------- c:\users\Invité\Desktop
    2008-11-10 10:30 . 2008-12-07 15:09 <REP> dr------- c:\users\Invité\Desktop
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> dr------- c:\users\Invité\Contacts
    2008-11-10 10:30 . 2008-11-10 13:01 <REP> d---s---- c:\users\Invité\AppData\Roaming\Microsoft
    2008-11-10 10:30 . 2006-11-02 13:37 <REP> d-------- c:\users\Invité\AppData\Roaming\Media Center Programs
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité\AppData\Roaming\Identities
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d--h----- c:\users\Invité\AppData
    2008-11-10 10:30 . 2008-11-10 10:30 <REP> d-------- c:\users\Invité
    2008-11-10 10:30 . 2008-12-09 17:52 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
    2008-11-10 10:30 . 2008-12-09 17:52 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
    2008-11-09 23:28 . 2008-11-09 23:28 <REP> d-------- c:\program files\Java
    2008-11-09 23:28 . 2008-11-09 23:28 410,976 --a------ c:\windows\System32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 19:28 --------- d-----w c:\users\eltik\AppData\Roaming\uTorrent
    2008-12-09 19:01 --------- d-----w c:\users\eltik\AppData\Roaming\Hamachi
    2008-12-09 16:52 786,432 --sha-w c:\users\Invité\NTUSER.DAT
    2008-12-09 16:52 786,432 --sha-w c:\users\Invité\NTUSER.DAT
    2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-08 22:19 32 --sha-w c:\windows\system32\drivers\fidbox.dat
    2008-12-07 10:12 --------- d-----w c:\users\eltik\AppData\Roaming\sp2
    2008-12-06 16:40 --------- d-----w c:\users\eltik\AppData\Roaming\LimeWire
    2008-12-03 12:13 7,306 ----a-w C:\error_fix.exe
    2008-12-03 12:12 15,618 ----a-w C:\directx.exe
    2008-11-22 10:42 --------- d-----w c:\programdata\Microsoft Help
    2008-11-10 12:01 --------- d-s---w c:\users\Invité\AppData\Roaming\Microsoft
    2008-11-10 10:36 --------- d-----w c:\users\Invité\AppData\Roaming\Google
    2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Macromedia
    2008-11-10 10:05 --------- d-----w c:\users\Invité\AppData\Roaming\Adobe
    2008-11-10 10:03 --------- d-----w c:\users\Invité\AppData\Roaming\Mozilla
    2008-11-10 09:32 --------- d-----w c:\users\Invité\AppData\Roaming\ATI
    2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\Nero
    2008-11-10 09:31 --------- d-----w c:\users\Invité\AppData\Roaming\GTek
    2008-11-10 09:30 --------- d-----w c:\users\Invité\AppData\Roaming\Identities
    2008-11-08 16:09 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-03 19:56 --------- d-----w c:\program files\MSN Messenger
    2008-10-31 21:11 --------- d-----w c:\program files\Windows Live Safety Center
    2008-10-25 20:37 --------- d-----w c:\users\eltik\AppData\Roaming\fltk.org
    2008-10-22 15:48 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-16 16:21 --------- d-----w c:\program files\Windows Mail
    2008-10-14 19:59 96,559 ----a-w c:\windows\system32\drivers\klin.dat
    2008-10-14 19:59 87,855 ----a-w c:\windows\system32\drivers\klick.dat
    2008-10-14 19:59 --------- d-----w c:\programdata\Kaspersky Lab
    2008-10-13 19:31 --------- d---a-w c:\programdata\TEMP
    2008-10-13 18:41 691 ----a-w c:\users\eltik\AppData\Roaming\GetValue.vbs
    2008-10-13 18:41 35 ----a-w c:\users\eltik\AppData\Roaming\SetValue.bat
    2008-10-13 18:41 3,962 ----a-w c:\windows\System32\tmp.reg
    2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
    2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
    2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
    2008-10-01 13:51 87,552 ----a-w c:\windows\System32\VACFix.exe
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-26 20:02 131 ----a-w C:\inactif.dat
    2008-09-19 10:26 82,944 ----a-w c:\windows\System32\o4Patch.exe
    2008-09-19 10:26 82,944 ----a-w c:\windows\System32\IEDFix.C.exe
    2008-09-18 04:27 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 04:27 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
    2008-09-18 00:41 42,320 ----a-w c:\windows\System32\xfcodec.dll
    2008-07-10 11:28 174 --sha-w c:\program files\desktop.ini
    2008-06-20 20:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-06-20 20:40 56 ---ha-w c:\programdata\ezsidmv.dat
    2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-07_11.13.30,46 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-07 09:39:35 51,200 ----a-w c:\windows\inf\infpub.dat
    + 2008-12-09 19:31:25 51,200 ----a-w c:\windows\inf\infpub.dat
    - 2008-12-07 09:39:34 86,016 ----a-w c:\windows\inf\infstrng.dat
    + 2008-12-09 19:31:24 86,016 ----a-w c:\windows\inf\infstrng.dat
    - 2008-12-07 09:39:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-09 19:30:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-07 09:39:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-09 19:30:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-07 10:13:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-09 19:32:39 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-09 19:32:39 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-07 09:40:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-09 19:31:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-12-07 10:10:11 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-08 22:19:28 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-08 22:19:28 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-12-07 09:46:26 121,248 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-09 19:37:12 121,248 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-07 09:46:26 140,208 ----a-w c:\windows\System32\perfc00C.dat
    + 2008-12-09 19:37:12 140,208 ----a-w c:\windows\System32\perfc00C.dat
    - 2008-12-07 09:46:26 656,652 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-09 19:37:12 656,652 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-07 09:46:26 745,080 ----a-w c:\windows\System32\perfh00C.dat
    + 2008-12-09 19:37:12 745,080 ----a-w c:\windows\System32\perfh00C.dat
    - 2008-12-07 09:41:05 10,264 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3997995386-3143303825-376587101-1005_UserData.bin
    + 2008-12-09 19:32:53 10,280 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3997995386-3143303825-376587101-1005_UserData.bin
    - 2008-12-07 09:41:05 73,142 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-09 19:32:52 73,268 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-07 09:41:00 59,206 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-09 16:26:51 59,214 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-15 1232896]
    "Steam"="d:\valve\Steam\Steam.exe" [2008-10-08 1410296]
    "Nokia.PCSync"="d:\nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
    "PC Suite Tray"="d:\nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-07-16 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]
    "ManyCam"="c:\program files\ManyCam 2.2\ManyCam.exe" [2008-02-06 1676584]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 171448]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2006-09-01 74240]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
    "NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
    "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
    "ModeSwitch"="c:\program files\Lenovo\PowerDial\LitModeSwitch.exe" [2007-08-02 177448]
    "multitray"="c:\program files\Lenovo\MultiRecover\loadtray.exe" [2007-06-29 31248]
    "NBKeyScan"="d:\nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2008-01-20 217088]
    "AVP"="d:\kaspersky lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
    "Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-14 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\kasper~1\KASPER~1\mzvkbd.dll,d:\kasper~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.clmp3enc"= c:\progra~1\Lenovo\Power2Go\CLMP3Enc.ACM
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"="0x00000000"
    "UpdatesDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{37457D7B-3350-448F-9020-348980987E97}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{E573EE08-9503-4A61-AE5B-F3C89B676912}"= UDP:p rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{5575526A-269F-431D-85D6-E7856C6859B5}"= TCP:p rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{5E23C099-8421-4BFA-96A8-E33914F29D4F}"= UDP:p rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{8FDC97F2-90AC-42F1-90B8-E39BEC92F7EF}"= TCP:p rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{C1124595-7130-4B4A-AD57-13C288BBF871}"= UDP:p rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{1B3A029E-856C-4079-B255-85671FA87733}"= TCP:p rofile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{1EDC68F0-7594-4FC1-95B5-6D9EBCC3BC99}"= TCP:p rofile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{1D6B3DED-ED57-420F-B431-CA07894E189F}"= TCP:p rofile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "{917B0640-4632-4D14-B9A1-6DDF763DA63B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{128083F9-8A38-4B3A-93D9-234A4A1A94D2}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{1FDB25BE-9F02-419E-BB62-44F257596BF7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{FC1CB830-BEA5-4979-8B13-AECBB63D9786}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{9814F4CA-F130-4122-B906-9B56AB97647E}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{891E7274-55EB-4224-BC7D-FC80A68B1DC9}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= UDP:D :\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
    "UDP Query User{48C9F76D-69E2-4792-99C3-937BC9CB6E98}d:\\valve\\steam\\steamapps\\eltik\\team fortress 2\\hl2.exe"= TCP:D :\valve\steam\steamapps\eltik\team fortress 2\hl2.exe:hl2
    "TCP Query User{82647698-7949-42CC-9181-8145AAB93B2E}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= UDP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
    "UDP Query User{5A1805DC-53AB-4D4D-8D3D-6147BB441683}c:\\users\\eltik\\appdata\\local\\temp\\rar$ex00.147\\volley.exe"= TCP:c:\users\eltik\appdata\local\temp\rar$ex00.147\volley.exe:volley.exe
    "{DA88018F-971B-4AD0-A19E-FB8F10D35709}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
    "{C69DF4DD-D37D-494C-A2C9-8F3391D7C4E7}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
    "{24CF0A63-EBF8-4CFD-AEDE-13A022380B70}"= UDP:D :\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{26D39BEB-DD6C-416F-A238-06A4751E4B2F}"= TCP:D :\autodesk\Backburner\monitor.exe:backburner 2.3 monitor
    "{DC0FD998-7D5C-4ECE-B757-366CD9BB95FE}"= UDP:D :\autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{4E106723-5479-47DC-B671-3F8430C015DB}"= TCP:D :\autodesk\Backburner\manager.exe:backburner 2.3 manager
    "{B142EDB3-4711-4B8F-82C8-2449CDEB4D7A}"= UDP:D :\autodesk\Backburner\server.exe:backburner 2.3 server
    "{626CF41D-8BF1-4063-A790-FE0A95F2756D}"= TCP:D :\autodesk\Backburner\server.exe:backburner 2.3 server
    "{F9BE9874-B4C3-46CB-B9B3-63557F1BD31E}"= UDP:D :\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
    "{411188A5-19ED-4957-B0CB-B7AB66326E22}"= TCP:D :\electronic arts\Battlefield 2142\BF2142.exe:Battlefield 2
    "TCP Query User{8C56AC05-7D3E-4AB6-826E-E274485375D8}d:\\limewire\\limewire.exe"= UDP:D :\limewire\limewire.exe:LimeWire
    "UDP Query User{A8BD715C-8BA5-47F4-915A-FEABB8DDED16}d:\\limewire\\limewire.exe"= TCP:D :\limewire\limewire.exe:LimeWire
    "TCP Query User{0066FB3C-97A7-4E61-9E7D-B3E5B8D8A388}d:\\wolfenstein - enemy territory\\et.exe"= UDP:D :\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{9CB6BFFA-0163-4131-A6C2-FF739167678A}d:\\wolfenstein - enemy territory\\et.exe"= TCP:D :\wolfenstein - enemy territory\et.exe:ET
    "{31043263-0620-4106-8D3E-C6629B7C14ED}"= d:\electronic arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
    "{8A56D107-86BE-433F-A3BF-26203F0973F9}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
    "TCP Query User{8DE1D62E-B1B4-4050-BB14-D1F3D59FF5F1}d:\\ut2004\\system\\ut2004.exe"= UDP:D :\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{EC062E63-1AD7-4FA1-8C20-3086AFAF3BF4}d:\\ut2004\\system\\ut2004.exe"= TCP:D :\ut2004\system\ut2004.exe:UT2004
    "{C6B240B6-B3D8-4398-A81D-F8B6FCE895F5}"= d:\electronic arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3 : La Fureur de Kane
    "TCP Query User{C3A99262-A572-4EE8-8CAE-36213A7AB67C}d:\\program files\\xfire\\xfire.exe"= UDP:D :\program files\xfire\xfire.exe:Xfire
    "UDP Query User{889F03ED-F5F6-4DAB-91E9-D619C39FFA32}d:\\program files\\xfire\\xfire.exe"= TCP:D :\program files\xfire\xfire.exe:Xfire
    "TCP Query User{328F4174-07B3-47F4-81B5-62ECF31CAA87}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= UDP:D :\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
    "UDP Query User{AD71AC15-52DD-443F-B889-2477ACDB19FB}d:\\valve\\steam\\steamapps\\eltik\\garrysmod\\hl2.exe"= TCP:D :\valve\steam\steamapps\eltik\garrysmod\hl2.exe:hl2
    "TCP Query User{F424173F-6ABD-4E66-9740-74CC77B44F5F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= UDP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{FA03ED9F-EAA8-41DD-853F-3A1C03EF7A4F}c:\\users\\eltik\\program files\\dna\\btdna.exe"= TCP:c:\users\eltik\program files\dna\btdna.exe:btdna.exe
    "{054FA35B-D73F-41B4-A6D2-3000438E3B7E}"= UDP:D :\utorrent\uTorrent.exe:µTorrent (TCP-In)
    "{D4100674-B1CC-4946-BE48-FA9C98903A07}"= TCP:D :\utorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{BAF73FB6-2BA2-4F15-9B53-3BCD8B71386B}d:\\nexuiz\\nexuiz.exe"= UDP:D :\nexuiz\nexuiz.exe:Nexuiz
    "UDP Query User{7CAD80C2-C487-4E10-8F7B-35D37258DFEC}d:\\nexuiz\\nexuiz.exe"= TCP:D :\nexuiz\nexuiz.exe:Nexuiz
    "{417B45F9-EB03-412A-8391-CE6D1BA770E9}"= UDP:D :\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
    "{54FF94EC-CF84-4C66-B5E9-93B24AACA7B9}"= TCP:D :\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe:Kaspersky Anti-Virus 2009
    "TCP Query User{E33E88C0-E010-402E-A8F0-441AB33F2B2D}d:\\unreal gold\\system\\unreal.exe"= UDP:D :\unreal gold\system\unreal.exe:Unreal
    "UDP Query User{78F54BCE-0832-4457-ABEF-3598E72B15B4}d:\\unreal gold\\system\\unreal.exe"= TCP:D :\unreal gold\system\unreal.exe:Unreal
    "{60D37DDB-670D-4967-ADF5-AAA554F46004}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{231750EB-4067-4D8B-9C53-332ADD1B676C}d:\\secondlife\\slvoice.exe"= UDP:D :\secondlife\slvoice.exe:SLVoice
    "UDP Query User{3B1FBBC5-6FA6-4CDF-A2FE-109402C840FC}d:\\secondlife\\slvoice.exe"= TCP:D :\secondlife\slvoice.exe:SLVoice
    "{C53E70DD-F6EA-4F36-AE0F-67211547A53F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
    R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2007-09-17 24856]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
    R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 208896]
    R2 NMSCore;Intel(R) NMSCore;"c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 317656]
    R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
    R2 OKAV Agent Service;OKAV Agent Service;c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe [2007-06-28 66824]
    R2 QualityManager;Intel(R) Quality Manager;"c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 272600]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
    R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2008-02-12 347648]
    R3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-09-17 5632]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2007-09-17 16912]
    S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
    S3 LitModeCtrl;LitModeCtrl;"c:\program files\Lenovo\PowerDial\LitModeCtrl.exe" [2007-09-17 92048]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e958ba4-8c76-11dd-a49b-001b111523ed}]
    \shell\AutoRun\command - K:\start.exe
    \shell\iledefrance\command - K:\start.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-09 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
    .
    .
    ------- Examen supplémentaire -------
    .
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    FireFox -: Profile - c:\users\eltik\AppData\Roaming\Mozilla\Firefox\Profiles\me18f9eb.default\
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\users\eltik\Program Files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    FF -: plugin - d:\reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-09 22:27:19
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-09 22:28:42
    ComboFix-quarantined-files.txt 2008-12-09 21:28:40
    ComboFix2.txt 2008-12-07 10:14:36

    Avant-CF: 2 327 400 448 octets libres
    Après-CF: 2,316,193,792 octets libres

    378 --- E O F --- 2008-12-08 17:20:13
    9 December 2008 22:35:31

    re



    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\error_fix.exe

  • Click Send file and let it work for as long as "Current status: being analysed" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


    Same thing with C:\directx.exe
    9 December 2008 22:46:52

    For the first file:


    Fichier error_fix.exe reçu le 2008.12.09 22:39:03 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.12.10.0 2008.12.09 -
    AntiVir 7.9.0.43 2008.12.09 -
    Authentium 5.1.0.4 2008.12.09 -
    Avast 4.8.1281.0 2008.12.09 -
    AVG 8.0.0.199 2008.12.09 -
    BitDefender 7.2 2008.12.09 -
    CAT-QuickHeal 10.00 2008.12.09 -
    ClamAV 0.94.1 2008.12.09 -
    Comodo 713 2008.12.09 -
    DrWeb 4.44.0.09170 2008.12.09 -
    eSafe 7.0.17.0 2008.12.09 -
    eTrust-Vet 31.6.6252 2008.12.09 -
    Ewido 4.0 2008.12.09 -
    F-Prot 4.4.4.56 2008.12.09 -
    F-Secure 8.0.14332.0 2008.12.09 -
    Fortinet 3.117.0.0 2008.12.09 -
    GData 19 2008.12.09 -
    Ikarus T3.1.1.45.0 2008.12.08 -
    K7AntiVirus 7.10.549 2008.12.09 -
    Kaspersky 7.0.0.125 2008.12.09 -
    McAfee 5459 2008.12.09 -
    McAfee+Artemis 5459 2008.12.09 -
    Microsoft 1.4205 2008.12.09 -
    NOD32 3679 2008.12.09 -
    Norman 5.80.02 2008.12.09 -
    Panda 9.0.0.4 2008.12.09 -
    PCTools 4.4.2.0 2008.12.09 -
    Prevx1 V2 2008.12.09 -
    Rising 21.07.12.00 2008.12.09 -
    SecureWeb-Gateway 6.7.6 2008.12.09 -
    Sophos 4.36.0 2008.12.09 -
    Sunbelt 3.1.1832.2 2008.12.01 -
    Symantec 10 2008.12.09 -
    TheHacker 6.3.1.2.180 2008.12.09 -
    TrendMicro 8.700.0.1004 2008.12.09 -
    VBA32 3.12.8.10 2008.12.09 -
    ViRobot 2008.12.9.1509 2008.12.09 -
    VirusBuster 4.5.11.0 2008.12.09 -
    Information additionnelle
    File size: 7306 bytes
    MD5...: 0f3bfbdff0f6e40af499daf4e82b5bcd
    SHA1..: 98255d0975df9fb4b6c4fb5d9b3e32f20cdd4178
    SHA256: 60492460c49bbff362956d56856473ca5da65a76ba6093904019b31de4dc8469
    SHA512: 68867cfbac2e95b4a70cbcfca108dc170d8e0015a00a47b31d7c82085499342bb9d6bfebce7684b505e660e567100fe1f2f70bd9047420fca6216b5f8e22dcfc
    ssdeep: 96:ysZIYx7izDfVhVKFghXNbCtmgo+AJL1KKALrLclYWtIdg:hZIO7WVWghjJxAcYWIdg
    PEiD..: -
    TrID..: File type identification: HyperText Markup Language (100.0%)
    PEInfo: -

    ------------------------------------------------------------------------------------------------


    For the second:


    Fichier directx.exe reçu le 2008.12.09 22:41:59 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.12.10.0 2008.12.09 -
    AntiVir 7.9.0.43 2008.12.09 -
    Authentium 5.1.0.4 2008.12.09 -
    Avast 4.8.1281.0 2008.12.09 -
    AVG 8.0.0.199 2008.12.09 -
    BitDefender 7.2 2008.12.09 -
    CAT-QuickHeal 10.00 2008.12.09 -
    ClamAV 0.94.1 2008.12.09 -
    Comodo 713 2008.12.09 -
    DrWeb 4.44.0.09170 2008.12.09 -
    eSafe 7.0.17.0 2008.12.09 -
    eTrust-Vet 31.6.6252 2008.12.09 -
    Ewido 4.0 2008.12.09 -
    F-Prot 4.4.4.56 2008.12.09 -
    Fortinet 3.117.0.0 2008.12.09 -
    GData 19 2008.12.09 -
    Ikarus T3.1.1.45.0 2008.12.08 -
    K7AntiVirus 7.10.549 2008.12.09 -
    Kaspersky 7.0.0.125 2008.12.09 -
    McAfee 5459 2008.12.09 -
    McAfee+Artemis 5459 2008.12.09 -
    Microsoft 1.4205 2008.12.09 -
    NOD32 3679 2008.12.09 -
    Norman 5.80.02 2008.12.09 -
    Panda 9.0.0.4 2008.12.09 -
    Rising 21.07.12.00 2008.12.09 -
    SecureWeb-Gateway 6.7.6 2008.12.09 -
    Sophos 4.36.0 2008.12.09 -
    Sunbelt 3.1.1832.2 2008.12.01 -
    Symantec 10 2008.12.09 -
    TheHacker 6.3.1.2.180 2008.12.09 -
    TrendMicro 8.700.0.1004 2008.12.09 -
    VBA32 3.12.8.10 2008.12.09 -
    ViRobot 2008.12.9.1509 2008.12.09 -
    VirusBuster 4.5.11.0 2008.12.09 -
    Information additionnelle
    File size: 15618 bytes
    MD5...: c76157e34a890929a8b28d0a1507df85
    SHA1..: e03c6a90a2b5d30bbd3d5d499a3cd8dd9d4bfaaf
    SHA256: 222c0cc8c328bf8019c09c9edca4642448ef7b6a0c87e3cec54955a8149d57d0
    SHA512: ee01f6dae8d6682a09cb615731dbfcb1fbf2edb47cbc2b5a128a6ef64ea8af7091337e42ba398da3bd1a3a787d42631e10016b4de9ebf7c32749a770fd2864f5
    ssdeep: 384:87NFNmf1JxCpDewOmllOI5W88yrgfHiexiBxfw8DcjKP:Yn0rCpetml38BPNx+fw8Yc
    PEiD..: -
    TrID..: File type identification: JFIF JPEG Bitmap (50.0%), JPEG Bitmap (37.4%), MP3 audio (12.4%)
    PEInfo: -
    9 December 2008 22:52:14

    ok
    run a scan with your antivirus (Kaspersky), having updated it first
    post the report please
    11 December 2008 21:49:57

    Good evening

    I'll do that soon; right now I don't really have the time, just letting you know ^^
    See you!