Avast update impossible, random internet redirects... (see HijackThis log)

21 October 2008 18:17:05

Hello, and thanks in advance!

Since yesterday I have been infected by I don't know what, which blocks my access to sites about computer security, redirects me to commercial sites and, on top of that, prevents Avast from updating...

Browsing the forum, I saw that the first thing to do was to run HijackThis and post the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:53, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)

--
End of file - 10176 bytes

Like most of the uninitiated, it's all Chinese to me. If some kind soul knows how to decipher Mandarin...

Medyaye.

21 October 2008 20:18:02

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
21 October 2008 23:03:49

First of all, thanks for the quick help!

I tried to download Malwarebytes via the link provided, but the "virus" seems to block access to anything related to computer security. So I downloaded it through my NAS from the Clubic site.
After installing it, I couldn't update it: impossible to connect to any site that talks about computer security...

I still ran the scan in Safe Mode; the log is below:

    Malwarebytes' Anti-Malware 1.27
    Database version: 1127
    Windows 5.1.2600 Service Pack 3

    21/10/2008 22:52:20
    mbam-log-2008-10-21 (22-52-12).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 123827
    Time elapsed: 2 hour(s), 0 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.


I deleted the files, but after rebooting the symptoms are still there...
22 October 2008 08:18:44

Just a quick note to add that, before running HijackThis for the first time, I ran several Avast scans, and each time it found several "goodies". Of course I deleted them.
22 October 2008 10:50:15

Hello,
Download Spybot and install it.
Then run a scan and delete all the crap, reboot your PC and it should work again.
Regards,
22 October 2008 12:48:28

Hello idris821,

I ran a scan with Spybot. It found a load of junk, which I hurried to delete. I rebooted and then, problem: Windows XP stayed stuck on the Welcome screen. I rebooted into Safe Mode. I ran Spybot again and it found nothing... I rebooted normally: everything works. I managed to update Avast!, Spybot and Malwarebytes, and I can visit computer security sites again.
One question though: how can I be sure my PC is 100% clean? I use my PC for all sorts of sensitive things (bank account, electricity bill, water, mobile... etc.).

Anyway, thanks for the help.
22 October 2008 17:24:34

Please don't step into disinfection threads, idris, especially to say that.
Are you sure you removed the infections?

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition letter may differ
22 October 2008 17:28:46

Hello Angeldark.

Given the doubts I expressed in my previous post, no, I'm not sure I carried out a complete disinfection. Still, the most annoying symptoms have been eradicated. Even so, since I was able to update Malwarebytes, I restarted in Safe Mode and ran a new scan... 5 infections detected...
Below, the log:

    Malwarebytes' Anti-Malware 1.29
    Database version: 1305
    Windows 5.1.2600 Service Pack 3

    22/10/2008 17:10:24
    mbam-log-2008-10-22 (17-10-16).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 124436
    Time elapsed: 2 hour(s), 1 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.


I'm nevertheless going to follow your advice with ComboFix.
I'll post the results.
22 October 2008 17:46:28
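The two Malwarebytes logs in this thread, together with the HijackThis log of the first post, show the same pattern twice: a core Windows binary name (svchost.exe) launched from a directory it does not belong in (C:\WINDOWS\system32\drivers\ in the O4 autostart entry), and a Winlogon\Userinit value that no longer points at the stock userinit.exe (the "Registry Data Items Infected" lines above). The Python script below is an added example, not part of the thread and not code from HijackThis, Malwarebytes or ComboFix; it reads the text of both kinds of log and flags those two anomalies. The embedded sample lines are a constructed excerpt modelled on the logs in this thread, and the CORE_BINARIES table and the expected Userinit value (the Windows XP default, C:\WINDOWS\system32\userinit.exe,) are this example's own assumptions.

```python
"""Triage helper for HijackThis / Malwarebytes log excerpts (added example).

Flags two indicators seen in this thread:
  1. a core Windows binary name run from a non-canonical directory
     (an O4 autostart entry in a HijackThis log);
  2. a Winlogon\\Userinit value that is not the stock userinit.exe
     (reported under 'Registry Data Items' in a Malwarebytes log).
"""
import ntpath
import re

# Constructed excerpt modelled on the HijackThis log in the first post.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Constructed excerpt modelled on the second Malwarebytes log in this thread.
SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.
"""

# Binaries that should only ever be launched from their canonical directory
# (assumption of this example; extend to taste).
CORE_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Windows XP default for HKLM\...\Winlogon\Userinit (assumption of this example).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MBAM_DATA_RE = re.compile(r"^(?P<key>HKEY_.+?) \((?P<sig>[^()]+)\) -> Data: (?P<data>.*?) -> ")


def extract_exe_path(cmd: str) -> str:
    """Return the executable path from an O4 command string.

    Quoted paths are taken up to the closing quote; unquoted paths are cut
    at the first '.exe' so trailing switches such as '/SYNC' are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def suspicious_run_entries(hjt_log: str) -> list:
    """Flag O4 entries whose binary name belongs to a core Windows component
    but whose directory is not the canonical one. Returns (name, path) pairs."""
    findings = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = extract_exe_path(m.group("cmd"))
        directory, base = ntpath.split(exe)
        expected = CORE_BINARIES.get(base.lower())
        if expected and directory.lower().rstrip("\\") != expected:
            findings.append((m.group("name"), exe))
    return findings


def userinit_anomalies(value: str) -> list:
    """Return the comma-separated entries of a Winlogon\\Userinit value that
    are not the stock userinit.exe (an empty list means the value is clean)."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def userinit_data_from_mbam(mbam_log: str) -> list:
    """Pull the 'Data:' fields Malwarebytes reported for Winlogon\\Userinit."""
    out = []
    for line in mbam_log.splitlines():
        m = MBAM_DATA_RE.match(line.strip())
        if m and m.group("key").lower().endswith(r"\winlogon\userinit"):
            out.append(m.group("data"))
    return out


def triage(hjt_log: str, mbam_log: str) -> dict:
    """Combine both checks into one report."""
    return {
        "misplaced_core_binaries": suspicious_run_entries(hjt_log),
        "userinit_anomalies": [(d, userinit_anomalies(d)) for d in userinit_data_from_mbam(mbam_log)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HJT, SAMPLE_MBAM)
    for name, path in report["misplaced_core_binaries"]:
        print(f"[O4] {name}: core binary name outside its canonical directory -> {path}")
    for data, bad in report["userinit_anomalies"]:
        print(f"[Userinit] reported data {data!r}: unexpected entries {bad}")
```

Run against the constructed excerpt, the script reports the drivers\svchost.exe autostart entry and both Userinit data strings; the ctfmon.exe and avast! entries pass because they either sit in their canonical directory or are not core Windows binary names. The Userinit check is deliberately strict: every comma-separated entry must be the stock userinit.exe, so a value truncated to a bare directory (as in this thread) or padded with an extra loader both come out as anomalies.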

    ComboFix 08-10-21.05 - Mehdi 2008-10-22 17:37:46.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.654 [GMT 2:00]

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\drivers\TDSSpqxt.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 17:12 . 2008-10-22 17:12 77,824 --a------ C:\WINDOWS\system32\TDSSnrsr.dll
    2008-10-22 17:12 . 2008-10-22 17:12 31,232 --a------ C:\WINDOWS\system32\TDSSosvd.dll
    2008-10-22 17:12 . 2008-10-22 17:12 30,720 --a------ C:\WINDOWS\system32\TDSSsbhc.dll
    2008-10-22 17:12 . 2008-10-22 17:12 29,696 --a------ C:\WINDOWS\system32\TDSSofxh.dll
    2008-10-22 17:12 . 2008-10-22 17:12 2,748 --a------ C:\WINDOWS\system32\TDSScfum.dll
    2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
    2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-10-22 11:26 . 2008-10-22 17:12 36,864 --a------ C:\WINDOWS\system32\TDSSosvn.dll
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-20 20:27 . 2008-10-21 22:55 77,824 --a------ C:\WINDOWS\system32\TDSSxfum.dll
    2008-10-20 20:27 . 2008-10-21 22:55 31,232 --a------ C:\WINDOWS\system32\TDSSriqp.dll
    2008-10-20 20:27 . 2008-10-21 22:55 30,720 --a------ C:\WINDOWS\system32\TDSSrhym.dll
    2008-10-20 20:27 . 2008-10-21 22:55 29,696 --a------ C:\WINDOWS\system32\TDSSbrsr.dll
    2008-10-20 20:27 . 2008-10-21 22:55 3,530 --a------ C:\WINDOWS\system32\TDSSlxwp.dll
    2008-10-20 20:26 . 2008-10-21 22:55 60,416 --a------ C:\WINDOWS\system32\drivers\TDSSmhlt.sys
    2008-10-20 20:26 . 2008-10-21 22:55 36,864 --a------ C:\WINDOWS\system32\TDSSoiqh.dll
    2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
    2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
    2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
    2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
    2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-17 18:27 --------- d-----w C:\Program Files\PokerStars
    2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
    2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
    2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
    2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
    2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
    2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
    2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
    2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
    2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
    2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
    2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-09-08 18:02 --------- d-----w C:\Program Files\Google
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
    2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
    2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-08-24 09:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2008-08-22 19:38 --------- d-----w C:\Program Files\Fichiers communs\Remote Control Software Common
    2008-08-22 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-22 19:37 --------- d-----w C:\Program Files\Logitech
    2008-08-22 19:37 --------- d-----w C:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-08-22 19:36 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\InstallShield
    2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
    @="driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
    S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
    S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
    S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
    S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
    S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
    S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
    S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\DOCUME~1\Mehdi\APPLIC~1\Mozilla\Firefox\Profiles\8x5myw7c.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?source=fhig
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
    FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 17:41:44
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys)]
    "imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-22 17:45:17 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-22 15:45:12

    Avant-CF: 10,575,695,872 octets libres
    Après-CF: 10,576,814,080 octets libres

    254 --- E O F --- 2008-10-16 18:13:59
    22 October 2008 17:49:14

    Quote:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.

    Are you sure you removed it properly?
    22 October 2008 20:06:57

    I re-ran Malwarebytes, which found infections again. This time the removal worked properly.

    Do I need to do anything else now?

    Malwarebytes' Anti-Malware 1.29
    Database version: 1305
    Windows 5.1.2600 Service Pack 3

    22/10/2008 20:00:26
    mbam-log-2008-10-22 (20-00-26).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 124571
    Time elapsed: 2 hour(s), 1 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSbrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSfxmp.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSofxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSosvd.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSosvn.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSsbhc.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSmhlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    22 October 2008 20:40:48

    Run another ComboFix scan :)
    22 October 2008 21:02:49

    ComboFix run in safe mode:

    ComboFix 08-10-21.05 - Administrateur 2008-10-22 21:18:24.2 - NTFSx86 MINIMAL
    Lancé depuis: C:\Documents and Settings\All Users\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Mehdi\Local Settings\Temporary Internet Files\

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
    2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
    2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
    2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
    2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-17 18:27 --------- d-----w C:\Program Files\PokerStars
    2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
    2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
    2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
    2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
    2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
    2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
    2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
    2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
    2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-09-08 18:02 --------- d-----w C:\Program Files\Google
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
    2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-08-24 09:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-22 19:38 --------- d-----w C:\Program Files\Fichiers communs\Remote Control Software Common
    2008-08-22 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-22 19:37 --------- d-----w C:\Program Files\Logitech
    2008-08-22 19:37 --------- d-----w C:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
    @="driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
    S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
    S2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
    S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
    S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
    S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
    S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
    S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
    S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
    S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://global.acer.com
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 21:20:53
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys)]
    "imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"
    .
    Heure de fin: 2008-10-22 21:22:25
    ComboFix-quarantined-files.txt 2008-10-22 19:22:19
    ComboFix2.txt 2008-10-22 15:45:18

    Avant-CF: 11 667 566 592 octets libres
    Après-CF: 11,651,588,096 octets libres

    212 --- E O F --- 2008-10-16 18:13:59
    22 October 2008 21:33:59

    ComboFix run in normal mode:

    ComboFix 08-10-21.05 - Mehdi 2008-10-22 21:29:07.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.564 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\All Users\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
    2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
    2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
    2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
    2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
    2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-17 18:27 --------- d-----w C:\Program Files\PokerStars
    2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
    2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
    2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
    2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
    2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
    2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
    2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
    2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
    2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
    2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
    2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-09-08 18:02 --------- d-----w C:\Program Files\Google
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
    2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-08-24 09:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-22 19:38 --------- d-----w C:\Program Files\Fichiers communs\Remote Control Software Common
    2008-08-22 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-22 19:37 --------- d-----w C:\Program Files\Logitech
    2008-08-22 19:37 --------- d-----w C:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-08-22 19:36 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\InstallShield
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
    2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-22 19:24:00 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
    @="driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
    S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
    S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
    S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
    S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
    S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
    S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
    S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?source=fhig
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
    FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 21:30:33
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys)]
    "imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    Heure de fin: 2008-10-22 21:31:54
    ComboFix-quarantined-files.txt 2008-10-22 19:31:50
    ComboFix2.txt 2008-10-22 19:22:26
    ComboFix3.txt 2008-10-22 15:45:18

    Avant-CF: 10 578 812 928 octets libres
    Après-CF: 10,568,232,960 octets libres

    232 --- E O F --- 2008-10-16 18:13:59


    On the other hand, Avast no longer starts at boot...
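The two reports above carry the indicators a helper reads first: driver and data files whose names start with TDSS (the naming pattern of the TDSS rootkit family), a SafeBoot\Minimal load point for one of them, a service whose imagepath points at another, and the Security Center "DisableNotify" values set to 1, which explains why nobody was warned that Avast could no longer update. As an added example that is not part of this thread, the Python script below scans ComboFix-style report lines for exactly those patterns; the sample lines and the finding category names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the ComboFix reports
# quoted in this thread (registry load points, a service key, created files,
# a driver line). The TDSS* names follow the ones the reports show.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
@="driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys)]
"imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"

2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
""".strip("\n")

# Driver/data files carrying the TDSS prefix, the naming pattern of the TDSS
# rootkit family that is visible throughout the reports in this thread.
SUSPECT_NAME = re.compile(r"\\(TDSS\w*\.(?:sys|dat|dll))", re.IGNORECASE)
# A SafeBoot entry lets a driver load even in safe mode; ComboFix only lists
# entries it does not recognise as legitimate.
SAFEBOOT_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot"
    r"\\(Minimal|Network)\\([^\]]+)\]$", re.IGNORECASE)
# Security Center "do not notify" switches set to 1: the user stops hearing
# that antivirus or updates are broken.
NOTIFY_OFF = re.compile(
    r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify)"'
    r"=dword:0*1$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str       # category name chosen for this example (not ComboFix's)
    evidence: str   # the file, key or value that triggered it
    line_no: int    # 1-based line in the report


def scan_combofix_log(text: str) -> list:
    """Walk report lines and collect the three kinds of indicator above."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SAFEBOOT_KEY.match(line)
        if m:
            findings.append(Finding("safeboot_driver", m.group(2), line_no))
        m = NOTIFY_OFF.match(line)
        if m:
            findings.append(Finding("security_center_notify_off", m.group(1), line_no))
        # A key line, an imagepath value or a created-file line can all carry
        # a TDSS-named artifact, so this rule runs on every non-empty line.
        for m in SUSPECT_NAME.finditer(line):
            findings.append(Finding("tdss_named_artifact", m.group(1), line_no))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per kind, e.g. {'tdss_named_artifact': 5, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def rootkit_suspected(findings: list) -> bool:
    """Require two independent signals: a TDSS-named artifact plus either a
    SafeBoot load point or suppressed Security Center alerts."""
    kinds = {f.kind for f in findings}
    return "tdss_named_artifact" in kinds and bool(
        kinds & {"safeboot_driver", "security_center_notify_off"})


if __name__ == "__main__":
    found = scan_combofix_log(SAMPLE_LOG)
    for f in found:
        print(f"line {f.line_no:>2}  {f.kind:<28} {f.evidence}")
    print(summarize(found), "rootkit suspected:", rootkit_suspected(found))
```

Run against a real ComboFix.txt, the same scan gives the helper the list of TDSS-named paths to quarantine (the ones that end up in the Collect:: script later in this thread) without reading the whole report by eye.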
    23 October 2008 10:53:38

    Delete your copy of ComboFix, download it again, and then run another scan.
    23 October 2008 18:46:15

    ComboFix 08-10-22.05 - Mehdi 2008-10-23 18:37:55.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.599 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Mehdi\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv.sys)


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
    2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
    2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
    2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
    2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 19:44 --------- d-----w C:\Program Files\PokerStars
    2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
    2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
    2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
    2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
    2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
    2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
    2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
    2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
    2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
    2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
    2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
    2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-09-08 18:02 --------- d-----w C:\Program Files\Google
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
    2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
    2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-08-24 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-23 16:41:06 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
    S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
    S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
    S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
    S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
    S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
    S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
    S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SafeBoot-TDSSmhlt.sys


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?source=fhig
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
    FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 18:41:45
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-23 18:45:11 - La machine a redémarré [Mehdi]
    ComboFix-quarantined-files.txt 2008-10-23 16:45:06
    ComboFix2.txt 2008-10-22 19:31:55
    ComboFix3.txt 2008-10-22 19:22:26
    ComboFix4.txt 2008-10-22 15:45:18

    Avant-CF: 10 541 330 432 octets libres
    Après-CF: 10,568,691,712 octets libres

    241 --- E O F --- 2008-10-16 18:13:59
    23 October 2008 18:56:49

    Re,

    Select the whole of the box below:

    Collect::[4]
    C:\WINDOWS\system32\TDSSpaxt.dat
    C:\WINDOWS\system32\TDSSosvd.dat


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named - CF-Submit.htm
  • ComboFix may require a reboot to finish its work. Accept it.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window prompting "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" button and navigate to the file
    Submit [Date Time].zip which is on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • When this operation is complete, you can delete those two files from your Desktop.
    Post the contents of the ComboFix.txt report after the reboot, if there is one.
    23 October 2008 19:26:19

    ComboFix 08-10-23.01 - Mehdi 2008-10-23 19:17:13.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.611 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Mehdi\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Mehdi\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\TDSSosvd.dat
    C:\WINDOWS\system32\TDSSpaxt.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
    2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
    2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
    2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 19:44 --------- d-----w C:\Program Files\PokerStars
    2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
    2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
    2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
    2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
    2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
    2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
    2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
    2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
    2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
    2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
    2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
    2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-09-08 18:02 --------- d-----w C:\Program Files\Google
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
    2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-08-24 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
    2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-23 16:41:06 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
    S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
    S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
    S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
    S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
    S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
    S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
    S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 19:18:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-23 19:20:01
    ComboFix-quarantined-files.txt 2008-10-23 17:19:51
    ComboFix2.txt 2008-10-23 16:45:12
    ComboFix3.txt 2008-10-22 19:31:55
    ComboFix4.txt 2008-10-22 19:22:26
    ComboFix5.txt 2008-10-23 17:11:51

    Pre-Run: 10,496,995,328 bytes free
    Post-Run: 10,483,220,480 bytes free

    211 --- E O F --- 2008-10-16 18:13:59


    The file Submit(today's date) was uploaded successfully
    23 October 2008 19:29:09

    The log I just posted is the one I saved manually after the ComboFix scan. In the folder of Submit(date).zip (C:\Qoobox\) I found the following ComboFix log.

    ComboFix 08-10-23.01 - Mehdi 2008-10-23 19:17:13.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1036.18.611 [GMT 2:00]
    Running from: C:\Documents and Settings\Mehdi\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mehdi\Bureau\CFScript.txt
    * Created a new restore point

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\TDSSosvd.dat
    C:\WINDOWS\system32\TDSSpaxt.dat

    .
    ((((((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
    2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
    2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
    2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
    2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
    2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
    2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-22 19:44 --------- d-----w C:\Program Files\PokerStars
    2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
    2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
    2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
    2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
    2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
    2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
    2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
    2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
    2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
    2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
    2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
    2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
    2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
    2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
    2008-09-08 18:02 --------- d-----w C:\Program Files\Google
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
    2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
    2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-08-24 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
    2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-23 16:41:06 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 03:18 443968]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 20:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 20:32 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 19:26 82009]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07 729177]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 19:59 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 06:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 06:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 06:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 06:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 22:05 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 19:04 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 10:13 2880512]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 12:43 319488]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 18:26 352256]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 15:09 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 12:57 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 18:57 289576]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 01:36:34 581632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 17:54 78208]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 15:46 69632]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 17:58 7296]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 16:57 4010]
    S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
    S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 14:40 18432]
    S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 05:42 18560]
    S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 12:36 70272]
    S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00 33752]
    S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 12:34 37248]
    S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 11:55 30464]
    S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 11:55 12672]
    S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 14:12 217216]
    S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 14:12 17792]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53 19677]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 19:18:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-23 19:20:01
    ComboFix-quarantined-files.txt 2008-10-23 17:19:51
    ComboFix2.txt 2008-10-23 16:45:12
    ComboFix3.txt 2008-10-22 19:31:55
    ComboFix4.txt 2008-10-22 19:22:26
    ComboFix5.txt 2008-10-23 17:11:51

    Pre-Run: 10,496,995,328 bytes free
    Post-Run: 10,483,220,480 bytes free

    211 --- E O F --- 2008-10-16 18:13:59
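As an added example (not part of the forum post, and not ComboFix's own code): a small Python triage script that walks a ComboFix report of the shape shown above and flags the entries a helper would look at first. It reports files ComboFix removed under "Other Deletions" (a TDSS* name in system32 belongs to the TDSS/Tidserv rootkit family, which is known for exactly the search redirects and blocked AV updates described at the top of the thread), Security Center "DisableNotify" values set to 1, ports opened in the firewall's GloballyOpenPorts list, Run entries whose target is missing ("[X]") or is a bare file name resolved through the search path, and drivers whose file is absent from disk ("[ ]"). The sample report embedded in the script is an excerpt re-typed from the log above with the section headers in their English form; the category names and severities are this example's own labels, not ComboFix's.

```python
"""Triage a ComboFix report for the indicators visible in the log above.

Added example, not part of the forum post and not ComboFix code. The
sample below is an excerpt re-typed from the posted log, with the section
headers in their English form; the categories and severities are this
example's own labels, not ComboFix's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_REPORT = r"""
ComboFix 08-10-23.01 - Mehdi 2008-10-23 19:17:13.5 - NTFSx86

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSpaxt.dat

.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 20:36 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35 78416]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")                          # ((( Section Name )))
KEY_RE = re.compile(r"^\[(.+)\]$")                                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                         # "Name"=data
RUN_RE = re.compile(r'^"([^"]*)"\s*\[(.*)\]$')                           # "target" [date size] or [X]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[(.*)\]$")  # R1 name;desc;path [info]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (this example's own scale)
    category: str
    detail: str


def parse_findings(report: str) -> list[Finding]:
    """Walk the report line by line, tracking the current section and registry key."""
    findings: list[Finding] = []
    section = key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if line in ("", ".", "REGEDIT4"):
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), ""
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if section == "Other Deletions":
            # ComboFix removed this file itself; a TDSS* name in system32 is the
            # TDSS/Tidserv rootkit family that causes the redirect symptoms reported.
            name = line.rsplit("\\", 1)[-1]
            sev = "high" if name.upper().startswith("TDSS") else "info"
            findings.append(Finding(sev, "deleted-file", line))
            continue
        if m := SERVICE_RE.match(line):
            # "[ ]" means the driver is registered but its file is not on disk.
            if not m.group(5).strip():
                findings.append(Finding("medium", "driver-file-missing", f"{m.group(2)} -> {m.group(4)}"))
            continue
        m = VALUE_RE.match(line)
        if not m or not key:
            continue
        name, data = m.group(1), m.group(2)
        k = key.lower()
        if "security center" in k and name.endswith("DisableNotify") and data == "dword:00000001":
            # Suppresses the balloon that would tell the user AV/updates are off.
            findings.append(Finding("high", "security-center-notify-off", name))
        elif "globallyopenports" in k:
            # Port opened to every source address in this Windows Firewall profile.
            findings.append(Finding("medium", "firewall-open-port", name))
        elif k.endswith("\\run"):
            r = RUN_RE.match(data)
            if not r:
                continue
            target, info = r.group(1), r.group(2).strip()
            if info == "X":
                findings.append(Finding("medium", "autostart-target-missing", f"{name} -> {target}"))
            elif "\\" not in target:
                # Bare file name: resolved through the search path at logon, so a
                # file with that name earlier in the path would run instead.
                findings.append(Finding("medium", "autostart-bare-name", f"{name} -> {target}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a report can be compared before/after cleanup."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    for f in found:
        print(f"{f.severity:6} {f.category:28} {f.detail}")
    print(summarize(found))
```

Run against the excerpt it prints nine findings: the two TDSS files, the two Security Center flags, the RDP port (3389:TCP is the Remote Desktop exception), the orphaned "LaunchApp" entry, the path-resolved KHALMNPR.EXE entry and the two Cypress drivers with no file on disk. The Security Center values are a pointer, not proof: a user can set them legitimately from the Security Center panel, but a machine whose antivirus cannot update is exactly where malware benefits from silencing that warning, so they are worth resetting and re-checking after cleanup.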
    23 October 2008 20:02:54

    Post a new HijackThis log.
    23 October 2008 21:00:03

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:58:14, on 23/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)

    --
    End of file - 10390 bytes
    23 October 2008 23:11:11



    Avira AntiVir Personal
    Report file date: jeudi 23 octobre 2008 21:37

    Scanning for 1705737 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: LAPTOPMEDYAYE

    Version information:
    BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 19:35:52
    ANTIVIR3.VDF : 7.0.7.80 166400 Bytes 23/10/2008 19:35:54
    Engineversion : 8.2.0.7
    AEVDF.DLL : 8.1.0.6 102772 Bytes 23/10/2008 19:36:16
    AESCRIPT.DLL : 8.1.1.9 319867 Bytes 23/10/2008 19:36:14
    AESCN.DLL : 8.1.1.3 123252 Bytes 23/10/2008 19:36:13
    AERDL.DLL : 8.1.1.2 438644 Bytes 23/10/2008 19:36:12
    AEPACK.DLL : 8.1.2.4 369014 Bytes 23/10/2008 19:36:09
    AEOFFICE.DLL : 8.1.0.29 196988 Bytes 23/10/2008 19:36:07
    AEHEUR.DLL : 8.1.0.63 1479032 Bytes 23/10/2008 19:36:06
    AEHELP.DLL : 8.1.1.2 115062 Bytes 23/10/2008 19:36:01
    AEGEN.DLL : 8.1.0.41 319861 Bytes 23/10/2008 19:36:00
    AEEMU.DLL : 8.1.0.9 393588 Bytes 23/10/2008 19:35:58
    AECORE.DLL : 8.1.2.7 172407 Bytes 23/10/2008 19:35:56
    AEBB.DLL : 8.1.0.3 53618 Bytes 23/10/2008 19:35:55
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 23/10/2008 19:35:54
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 23 octobre 2008 21:37

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
    Scan process 'KEM.exe' - '1' Module(s) have been scanned
    Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
    Scan process 'EPM-DM.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'MA_CMIDI_Inst.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    49 processes with 49 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '88' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqxt.sys.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0120794.exe
    [DETECTION] Is the TR/Small.bbc Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0120798.sys
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121955.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121957.dll
    [DETECTION] Is the TR/FakeAV.1.Gen.67 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121958.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121959.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121960.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121961.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121963.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121965.dll
    [DETECTION] Is the TR/FakeAV.1.Gen.67 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121966.sys
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <ACERDATA>
    D:\Ma musique\Musiquita del Verano 2005. By Edu Dj. Discoteca Monasterio Avda. de Brasil (madrid)pachanga, bisbal, shakira, juanes, don omar, sps, todos los exitos.ace
    [0] Archive type: ACE
    --> Musiquita del Verano 2005. By Edu Dj. Discoteca Monasterio Avda. de Brasil (madrid)\Cd2\04 - Pilar Montenegro - Tomalo Suave (Spanish edit).MP3
    [WARNING] No further files can be extracted from this archive. The archive will be closed


    End of the scan: jeudi 23 octobre 2008 22:38
    Used time: 1:01:22 Hour(s)

    The scan has been done completely.

    7391 Scanning directories
    423696 Files were scanned
    12 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    12 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    423681 Files not concerned
    8582 Archives were scanned
    4 Warnings
    12 Notes

    24 October 2008 00:13:31

    I ran another scan, no infection detected. However, I still have doubts...
    24 October 2008 17:30:33

    Post another HijackThis report. Why do you have doubts?
    24 October 2008 19:31:19

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:15, on 24/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)

    --
    End of file - 10328 bytes

    I have doubts because I don't understand any of the disinfection steps... I'm more one of those people who try to understand what they're doing.

    Still, that doesn't exempt me from the thanks that are, amply, owed to you :-).
    24 October 2008 20:14:33

    It looks clean ;)

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on I accept.
  • Allow the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer (Poste de travail).
  • Save and then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then go back to the Kaspersky site to retry the online scan.
    24 October 2008 23:00:58

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, October 24, 2008 10:59:02 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 24/10/2008
    Enregistrements dans la base antivirus Kaspersky : 1202661
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\
    E:\
    H:\
    K:\

    Statistiques de l'analyse:
    Total d'objets analysés: 87132
    Nombre de virus trouvés: 0
    Nombre d'objets infectés: 0 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 01:30:23

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\content-prefs.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\cookies.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\downloads.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\formhistory.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\permissions.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\places.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\places.sqlite-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\search.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\webappsstore.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\OfflineCache\index.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\urlclassifier3.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Historique\History.IE5\MSHist012008102420081025\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\temp\etilqs_lv1gVnYWXIgAMEGFEh81 L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\temp\etilqs_ro5MfWI9gXbWWID3MQ2e L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\temp\etilqs_ro5MfWI9gXbWWID3MQ2e-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Mehdi\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP422\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\$_hpcst$.hpc L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    Analyse terminée.
25 October 2008 11:51:24

It's clean.
25 October 2008 12:32:54

Thanks!
I'm off to install Antivir on the other PCs on my network :-)
25 October 2008 12:47:10

Happy surfing ;)