Bagle infection

Tags:
  • Security
Last reply: in Security and viruses
30 September 2008 07:01:08

Hi, I have what I think is a Bagle infection, but tools such as EliBagla, ComboFix and others have not solved the problem.

Most of my security software (Norton, Spybot, ...) no longer works, my sound cards are acting up; in short, what a joy.
I ran scans with Malwarebytes, AVG, Ad-Aware, ... which found nothing; I no longer know what to do.

Help, please.


30 September 2008 07:37:46

Attached is my ComboFix report, after much trial and error.

ComboFix 08-09-28.03 - Compaq_Propriétaire 2008-09-30 4:03:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.569 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\Antibagle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@clickintext[1].txt
C:\InfoSat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\MSINET.oca
D:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 02:56 . 2008-09-30 02:56 250 --a------ C:\WINDOWS\gmer.ini
2008-09-29 13:42 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
2008-09-29 13:40 . 2008-09-29 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-29 13:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-29 11:38 . 2008-09-29 11:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-27 19:51 . 2008-09-27 19:51 <REP> d-------- C:\Muestras
2008-09-27 18:45 . 2008-09-27 18:45 <REP> d-------- C:\WINDOWS\55A6283C638A4EE0B49151118554BDA2.TMP
2008-09-26 18:34 . 2008-09-26 18:34 <REP> d-------- C:\VueScan
2008-09-26 16:54 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Oberon Media
2008-09-26 16:53 . 2008-09-26 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media
2008-09-25 15:35 . 2008-09-25 15:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-09-25 15:35 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-09-25 15:35 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-09-24 22:55 . 2008-09-24 22:56 120 --a------ C:\drmHeader.bin
2008-09-24 22:37 . 2008-09-25 02:01 <REP> d-------- C:\divx
2008-09-24 22:23 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DivX
2008-09-24 19:54 . 2008-09-24 19:54 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-09-24 19:53 . 2008-09-24 19:53 21,764 --a------ C:\WINDOWS\system32\CoreAAC-uninstall.exe
2008-09-24 19:52 . 2006-03-24 17:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-24 19:52 . 2006-03-24 17:09 237,568 --a------ C:\WINDOWS\system32\vp7dec.ax
2008-09-24 19:52 . 2005-10-25 13:10 53,248 --a------ C:\WINDOWS\system32\vp7dec_settings.cpl
2008-09-24 19:51 . 2008-09-24 19:51 599,570 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-09-24 19:49 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-09-24 19:49 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-24 19:49 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-24 18:57 . 2008-09-24 18:58 <REP> d-------- C:\Program Files\ConvertMovie 4.4
2008-09-24 05:33 . 2008-09-27 19:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 05:33 . 2008-09-24 05:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-24 04:57 . 2008-09-24 04:57 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD5.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD4.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD3.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD2.sys
2008-09-17 20:09 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECEE.sys
2008-09-17 20:08 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECED.sys
2008-09-17 13:06 . 2000-08-02 10:16 1,048,640 --a------ C:\WINDOWS\system32\wsecedit.dll
2008-09-16 03:18 . 2008-09-16 03:18 <REP> d-------- C:\WINDOWS\Logs
2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-09-16 02:12 . 2008-09-16 02:12 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 02:12 . 2008-09-16 02:12 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-09-16 02:12 . 2008-09-16 02:12 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-09-16 02:12 . 2008-09-16 02:12 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-09-16 02:12 . 2008-09-16 02:12 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 02:12 . 2008-09-16 02:12 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-09-16 02:12 . 2008-09-16 02:12 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-09-16 02:11 . 2008-09-16 02:11 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-16 02:11 . 2008-09-16 02:11 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF5.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF4.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB74.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB73.sys
2008-09-14 23:13 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD7.sys
2008-09-14 23:12 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD6.sys
2008-09-10 04:50 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-09-10 04:20 . 2008-09-10 04:20 <REP> d-------- C:\Program Files\Uniblue
2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 04:15 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 04:15 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 04:15 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 05:49 . 2008-09-09 05:52 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-09 05:43 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002950_.tmp
2008-09-09 03:11 . 2008-09-09 04:04 <REP> d-------- C:\WINDOWS\EHome
2008-09-08 18:42 . 2008-09-09 18:43 4,031 ---hs---- C:\WINDOWS\system32\dajldinq.ini
2008-09-08 18:40 . 2008-09-10 03:59 510,729 --ahs---- C:\WINDOWS\system32\QBKTDJjl.ini2
2008-09-08 18:40 . 2008-09-10 04:00 510,729 --ahs---- C:\WINDOWS\system32\QBKTDJjl.ini
2008-09-08 17:55 . 2008-09-17 11:27 <REP> d-------- C:\Program Files\DNA
2008-09-08 17:55 . 2008-09-08 17:55 <REP> d-------- C:\Program Files\BitTorrent
2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DNA
2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\BitTorrent
2008-09-07 00:18 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Alawar
2008-09-03 05:07 . 2008-09-03 05:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp6ED8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp43E8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp28E8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp1CE8E.FOT
2008-09-03 05:06 . 2008-09-06 23:05 <REP> d-------- C:\Program Files\GamesBar
2008-09-01 16:18 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Calendrier Xtra
2008-09-01 14:45 . 2008-09-01 14:45 <REP> d-------- C:\Program Files\LuckyTender
2008-09-01 14:12 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCC.sys
2008-09-01 14:11 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCB.sys
2008-09-01 01:00 . 2008-09-01 01:00 <REP> d-------- C:\Program Files\Nomad Factory
2008-08-31 16:43 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2B17BA39E.sys
2008-08-29 23:26 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC1.sys
2008-08-29 23:25 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC0.sys
2008-08-27 17:40 . 2006-10-26 15:29 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-08-27 17:40 . 2006-10-26 15:29 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-08-27 16:40 . 2006-09-21 16:45 84,992 --a------ C:\WINDOWS\system32\drivers\koreusb.sys
2008-08-27 16:40 . 2006-09-21 16:46 25,088 --a------ C:\WINDOWS\system32\drivers\koreavs.sys
2008-08-24 15:34 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D272B730B3.sys
2008-08-23 19:20 . 2008-08-23 19:20 <REP> d-------- C:\Program Files\Garritan Jazz Big Band
2008-08-23 10:06 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D232414DDE.sys
2008-08-22 22:46 . 2008-08-22 22:47 <REP> d-------- C:\Program Files\LiquidInstrument
2008-08-22 18:52 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D228CEB20A.sys
2008-08-21 02:18 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-03 13:14 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\LuckyTender
2008-08-02 15:03 . 2008-08-02 15:04 <REP> d-------- C:\Program Files\CDXTRACT4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-29 10:14 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-27 16:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-27 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-27 16:44 --------- d-----w C:\Program Files\Norton 360
2008-09-26 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-25 13:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 16:57 --------- d-----w C:\Program Files\MOVAVI
2008-09-24 03:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-24 02:57 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-09-23 01:10 --------- d-----w C:\Program Files\VstPlugins
2008-09-16 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 21:30 --------- d-----w C:\Program Files\Best Service
2008-09-10 14:46 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Real
2008-09-09 18:38 --------- d-----w C:\Program Files\WinClamAVShield
2008-09-09 18:05 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-09-09 09:49 --------- d-----w C:\Program Files\Symantec
2008-09-09 09:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-09 09:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-09 09:48 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-05 13:22 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-09-04 16:25 --------- d-----w C:\Program Files\Wanadoo
2008-08-30 12:41 --------- d-----w C:\Program Files\Fichiers communs\Native Instruments
2008-08-27 15:40 --------- d-----w C:\Program Files\Native Instruments
2008-07-31 21:54 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26659B183.sys
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 11:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Bioshock
2008-07-29 06:40 --------- d--h--r C:\Documents and Settings\Compaq_Propriétaire\Application Data\SecuROM
2008-07-24 19:52 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2ABB8C36B.sys
2008-07-22 18:37 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2859F7D89.sys
2008-07-12 18:42 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D29D34FFEA.sys
2008-07-04 10:48 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2008-06-07 21:07 65,344 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-08-13 00:36 604 ---ha-w C:\Program Files\STLL Notifier
2007-06-03 03:06 134 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-05-29 21:47 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D206385595.sys
1996-12-04 22:00 73,184 ----a-w C:\Program Files\Fichiers communs\Dao2535.tlb
1996-12-02 16:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll
2007-05-01 17:35 524,260 --sha-w C:\WINDOWS\system32\pqstv.bak1
2007-05-01 21:33 524,101 --sha-w C:\WINDOWS\system32\pqstv.bak2
2007-04-28 02:35 522,608 --sha-w C:\WINDOWS\system32\stvwa.bak2
2007-04-28 10:40 510,082 --sha-w C:\WINDOWS\system32\stvwa.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]
2008-05-30 00:42 188416 --a------ C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"kX Mixer"="C:\WINDOWS\system32\kxmixer.exe" [2004-02-17 438784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-09-29 51048]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 172544]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= rddv1027.dll
"midi8"= rddv1027.dll
"vidc.X264"= x264vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
backup=C:\WINDOWS\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Registration .LNK]
backup=C:\WINDOWS\pss\Registration .LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlwatzhnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCD2000]
-ra------ 2005-06-15 11:34 536576 C:\WINDOWS\system32\bcd2kcpan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:34 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Applications\Bureau\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DJ Console]
--------- 2004-01-08 11:08 270336 C:\Applications\SON\Hercule DJC\DJConsoleMixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-07-13 03:38 1851392 C:\Program Files\Electronic Arts\EA Downloader\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2007-12-11 04:59 307200 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-11-09 19:29 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 20:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-31 13:11 98304 C:\Applications\Bureau\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 20:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-10-12 04:04 856072 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-24 04:56 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-05-25 19:35 35328 C:\Applications\Players\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
--a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-13 17:12 49152 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-01-11 19:23 15961088 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"sp_rssrv"=2 (0x2)
"gusvc"=2 (0x2)
"IDriverT"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"StarWindService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"pr2amkwb"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Applications\Bureau\Daemon Tools\daemon.exe" -lang 1033
"AdobeUpdater"=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Applications\Players\Winamp\winampa.exe
"EoSudoku"=
"EoEngine"=
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Applications\\Internet\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Guild wars
"80:TCP"= 80:TCP:guild wars 2

R0 pe3amkwb;Reprobates Environment Driver (pe3amkwb);C:\WINDOWS\system32\drivers\pe3amkwb.sys [2007-08-20 64632]
R0 ps7amkwb;Reprobates Synchronization Driver (ps7amkwb);C:\WINDOWS\system32\drivers\ps7amkwb.sys [2007-08-20 68736]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-06-14 135936]
R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2007-04-01 81408]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe [2007-07-03 446464]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-02-19 162432]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-02-19 12032]
R2 MicroGuard;MicroGuard Copy Protection;C:\WINDOWS\system32\drivers\mgnt.sys [1997-10-09 40288]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2004-02-17 571776]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-01-29 48928]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000.SYS [2005-06-15 39648]
S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000WDM.SYS [2005-06-15 21600]
S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2003-06-12 34994]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2003-08-26 30080]
S3 NvnUsbAudio;NvnUsbAudio;C:\WINDOWS\system32\drivers\nvnusbaudio.sys [2007-05-04 25600]
S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-10-31 60698]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);C:\WINDOWS\system32\Drivers\ScratchAmp.sys [2003-01-31 22912]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 16896]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S4 pr2amkwb;Reprobates Drivers Auto Removal (pr2amkwb);C:\WINDOWS\system32\pr2amkwb.exe svc [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38410722-bc7d-11db-a009-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{531d722c-f1a5-11da-9efd-0017310e7e21}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994c5f83-9a47-11dc-a0bf-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42a4530-f1d8-11da-9f07-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec276cc-0645-11dd-a4a6-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb87633-f1c6-11da-9f06-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

*Newly Created Service* - COMHOST
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
HKU-Default-RunOnce-POSTRBT - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
HKU-Default-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{1FB5C8F6-82F0-49CE-BCD9-9C80DDA48E26} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-InfoData - C:\WINDOWS\system32\tanialdr.dll
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-WindowsService - C:\WINDOWS\system32\xddahfwm.dll
MSConfigStartUp-WindowsUpdate - C:\WINDOWS\system32\xrjrhfed.dll


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xporter vers Microsoft Excel - C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485}
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05}
O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485} - -
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe -
O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - -
O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe -
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - -
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe -
O17 -: HKLM\CCS\Interface\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 04:17:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2008-09-30 4:44:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 02:43:58

Pre-Run: 4,088,037,376 bytes free
Post-Run: 3,977,338,880 bytes free

444 --- E O F --- 2008-09-10 02:46:37
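The MountPoints2 entries near the top of this ComboFix report show the same Shell\AutoRun\command on three different volume GUIDs, each launching wscript.exe on a file named pagefile.sys.vbs through RunDLL32's ShellExec_RunDLL. MountPoints2 is where Explorer caches the autorun.inf of every volume a user has opened, so an identical command on several GUIDs is the footprint of something that wrote its own autorun.inf to each drive it could reach. The script below is an added example (not from the thread, and not ComboFix's own code): it extracts those entries from a ComboFix-style excerpt, flags commands that use a script host, the rundll32 ShellExec launcher or a double extension, and counts how many volumes share one command. The sample text is constructed from the entries above plus one made-up benign key, and the rule list is the editor's own heuristic.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample, modelled on the ComboFix MountPoints2 excerpt posted in the
# thread; the second key is made up so that a benign entry is present too.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42a4530-f1d8-11da-9f07-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec276cc-0645-11dd-a4a6-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)

# Editor's heuristic: (label, pattern). Any match marks the command suspicious.
RULES = [
    ("script host", re.compile(r"\b[wc]script(\.exe)?\b", re.IGNORECASE)),
    ("rundll32 ShellExec launcher", re.compile(r"rundll32.*shellexec_rundll", re.IGNORECASE)),
    ("command interpreter", re.compile(r"\b(cmd|powershell)(\.exe)?\b", re.IGNORECASE)),
    ("double extension", re.compile(r"\.[a-z0-9]{2,4}\.(vbs|vbe|js|jse|exe|scr|bat|cmd|pif)\b", re.IGNORECASE)),
]


def parse_mountpoints(log_text: str) -> List[Dict[str, str]]:
    """Pair each MountPoints2 volume GUID with its Shell\\AutoRun\\command value."""
    entries: List[Dict[str, str]] = []
    current_guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_guid = m.group(1).lower()
            continue
        m = CMD_RE.match(line)
        if m and current_guid:
            entries.append({"guid": current_guid, "command": m.group(1)})
            current_guid = None
    return entries


def triage_mountpoints(entries: List[Dict[str, str]]) -> List[dict]:
    """Attach the list of matching rule labels to every entry."""
    findings = []
    for e in entries:
        reasons = [label for label, rx in RULES if rx.search(e["command"])]
        findings.append({**e, "reasons": reasons, "suspicious": bool(reasons)})
    return findings


def repeated_commands(findings: List[dict], threshold: int = 2) -> Dict[str, int]:
    """Commands that recur on several volumes: the signature of a worm that
    dropped the same autorun.inf on every drive it could write to."""
    counts = Counter(f["command"].lower() for f in findings)
    return {cmd: n for cmd, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    results = triage_mountpoints(parse_mountpoints(SAMPLE_LOG))
    for f in results:
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['guid']}  {flag:10s} {f['command']}  {', '.join(f['reasons'])}")
    for cmd, n in repeated_commands(results).items():
        print(f"seen on {n} volumes: {cmd}")
```

Run it on the whole ComboFix report rather than on the excerpt; a command that appears on every volume GUID and is not an installer you recognise is the first thing to quarantine, and the script file it names (here pagefile.sys.vbs, a name chosen to look like the system page file) should be searched for on every drive, not only on C:.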
30 September 2008 12:52:13

Hello,

Download MalwareBytes' Anti-Malware to your Desktop.
Install it by double-clicking the file mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restart in Safe Mode

  • Now run MalwareBytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • When the scan finishes, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareBytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial
    30 September 2008 22:10:00

    Hi, thanks for looking into my sad case.

    I ran an MBAM scan, which found a few infected registry keys and removed them.

    However, Norton still doesn't work, neither does Spybot, Safe Mode is still hit-or-miss, and my sound card still comes back after every reboot with all inputs muted and the volume at zero.

    Here is the MBAM log

    Malwarebytes' Anti-Malware 1.27
    Database version: 1134
    Windows 5.1.2600 Service Pack 3

    30/09/2008 02:51:04
    mbam-log-2008-09-30 (02-51-04).txt

    Scan type: Quick scan
    Objects scanned: 47355
    Time elapsed: 23 minute(s), 24 second(s)

    Memory processes infected: 0
    Memory modules infected: 0
    Registry keys infected: 13
    Registry values infected: 0
    Registry data items infected: 0
    Folders infected: 2
    Files infected: 9

    Memory processes infected:
    (No malicious items detected)

    Memory modules infected:
    (No malicious items detected)

    Registry keys infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry values infected:
    (Aucun élément nuisible détecté)

    Registry data items infected:
    (Aucun élément nuisible détecté)

    Folders infected:
    C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

    Files infected:
    C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM1f98a346.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM1f98a346.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iyvjzpod_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zlwatzhnk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iyvjzpod_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zlwatzhnk_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\taskmon.exe (Proxy.Agent) -> Quarantined and deleted successfully.
    1 October 2008 13:06:11

    Re,

  • Download Catchme (Gmer) to your Desktop.
  • Double-click catchme.exe (the .exe extension is not necessarily shown) to run it.
  • When the scan finishes, post the catchme.log report in your next reply.

    &

    Download and install HijackThis (Trend Micro).
    Then post a report in your next reply.
    HELP: How to use HijackThis v2.0.2
    1 October 2008 14:57:19

    Hi, I already did a HijackThis scan, which gave this:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:16:31, on 30/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\kxmixer.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\jkos-Compaq_Propriétaire\binaries\ScanningProcess.exe
    C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\jkos-Compaq_Propriétaire\binaries\ScanningProcess.exe
    C:\Program Files\Defenza\pcd-as.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/Fla...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
    O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 10891 bytes

    I'll try a Gmer scan and post you the log
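HijackThis logs like the one above are normally read by eye, and the fix list the helper gives later in this thread picks out two kinds of line: entries marked (file missing) and empty RunOnce values. The script below is an added example, not part of the thread and not HijackThis's own code: it applies those two checks to a HijackThis-style log and adds three more a practitioner would want when triaging a log like this one (a process or autostart running out of a Temp directory, O17 NameServer addresses outside an allow-list, and O23 services reported with Unknown owner). The excerpt is constructed from lines posted in this thread plus one invented O17 line using documentation-range addresses; the KNOWN_DNS allow-list is an assumption (OpenDNS plus the two resolvers the log shows on the ADSL interface) that an analyst should replace with the ISP's published resolvers.

```python
import re
from typing import List, Tuple

# Constructed excerpt in HijackThis format. Every line except the last O17 entry
# (documentation-range 203.0.113.x addresses) is taken from logs posted in this thread.
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\jkos-Compaq_Propriétaire\binaries\ScanningProcess.exe

O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53,203.0.113.54
O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
"""

# Assumption: resolvers the analyst has confirmed as legitimate. The first two are
# OpenDNS; the other two are the addresses the log shows on the ADSL interface.
KNOWN_DNS = {"208.67.222.222", "208.67.220.220", "81.253.149.9", "80.10.246.132"}

HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
TEMP_RE = re.compile(r"\\(?:local settings\\)?temp\\", re.IGNORECASE)

Finding = Tuple[str, str]  # (reason, original log line)


def triage_hjt(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the lines an analyst should look at first."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes:
            if TEMP_RE.search(line):
                findings.append(("process running from a Temp directory", line))
            continue
        m = HJT_LINE.match(line)
        if not m:
            continue
        tag, body = m.groups()
        if "(file missing)" in body:
            findings.append(("orphaned entry, target file missing", line))
        elif tag == "O4" and re.search(r":\s*\[\]", body):
            findings.append(("empty Run/RunOnce value", line))
        elif tag == "O4" and TEMP_RE.search(body):
            findings.append(("autostart pointing into a Temp directory", line))
        elif tag == "O17":
            unknown = [ip for ip in IP_RE.findall(body) if ip not in KNOWN_DNS]
            if unknown:
                findings.append(("DNS server not in allow-list: " + ", ".join(unknown), line))
        elif tag == "O23" and "Unknown owner" in body:
            findings.append(("service binary without publisher information", line))
    return findings


def hijackthis_fix_list(findings: List[Finding]) -> List[str]:
    """Lines that can be 'fixed' in HijackThis without further analysis:
    orphans and empty values point at nothing that still exists on disk."""
    return [line for reason, line in findings
            if reason.startswith("orphaned entry") or reason.startswith("empty Run")]


if __name__ == "__main__":
    results = triage_hjt(HJT_SAMPLE)
    for reason, line in results:
        print(f"[{reason}] {line}")
    print("\nPaste into HijackThis and fix:")
    print("\n".join(hijackthis_fix_list(results)))
```

The O17 check is the one worth keeping around: a NameServer value pointing at an address the user never configured is how DNS-changing malware redirects every lookup, and it survives most antivirus cleanups because no file is involved. Everything the other checks flag still needs a look at the binary before it is removed; a "Unknown owner" service is often just an unsigned vendor tool.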
    1 October 2008 14:58:31

    Here is also a Kaspersky online scan log, if it can be of any use
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, September 30, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, September 30, 2008 04:44:38
    Records in database: 1275644
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Critical Areas:
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage
    C:\Program Files
    C:\WINDOWS

    Scan statistics:
    Files scanned: 176205
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 10:15:15


    File name / Threat name / Threats count
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.abv 1
    C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll Infected: not-a-virus:AdWare.Win32.Agent.fps 1

    The selected area was scanned.
    1 October 2008 15:33:59

    Re,

    Download OTMoveIt3 (OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:
    :files
    C:\WINDOWS\system32\dajldinq.ini
    C:\WINDOWS\system32\QBKTDJjl.ini2
    C:\WINDOWS\system32\QBKTDJjl.ini
    C:\WINDOWS\system32\pqstv.bak1
    C:\WINDOWS\system32\pqstv.bak2
    C:\WINDOWS\system32\stvwa.bak2
    C:\WINDOWS\system32\stvwa.ini2
    C:\Program Files\GamesBar
    C:\Program Files\LuckyTender
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\LuckyTender
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    :reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]


    Double-click OTMoveIt3.exe to run it.
    Paste (or Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    &

    Reinstall GoogleToolbarNotifier if necessary.
    1 October 2008 15:41:27

    Here is the OTMoveIt report


    ========== FILES ==========
    C:\WINDOWS\system32\dajldinq.ini moved successfully.
    C:\WINDOWS\system32\QBKTDJjl.ini2 moved successfully.
    C:\WINDOWS\system32\QBKTDJjl.ini moved successfully.
    C:\WINDOWS\system32\pqstv.bak1 moved successfully.
    C:\WINDOWS\system32\pqstv.bak2 moved successfully.
    C:\WINDOWS\system32\stvwa.bak2 moved successfully.
    C:\WINDOWS\system32\stvwa.ini2 moved successfully.
    C:\Program Files\GamesBar moved successfully.
    C:\Program Files\LuckyTender\1.3.0 moved successfully.
    C:\Program Files\LuckyTender moved successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\LuckyTender moved successfully.
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}\\ not found.

    OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10012008_153753
    1 October 2008 15:42:34

    Post a new HijackThis report.
    1 October 2008 15:46:30

    Here is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:45:50, on 01/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\kxmixer.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\catchme.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/Fla...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
    O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 10108 bytes
1 October 2008 15:48:42

    Re,

Fix the lines in the box below with HijackThis: HELP WITH SCREENSHOTS

    O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
1 October 2008 15:49:00

Also, I ran Gmer, which opened a DOS window and tells me it is scanning, but it doesn't seem to be doing anything anymore.

One thing I forgot to mention: this morning I tried to uninstall Norton, but it won't complete the uninstall.
1 October 2008 15:49:37

You missed my message ;)
1 October 2008 15:55:51

OK, I fixed the lines you gave me with HijackThis; they have disappeared from the new log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:55:31, on 01/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\kxmixer.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\catchme.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/Fla...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
    O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 9747 bytes
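The helper above is triaging this HijackThis log by eye: the O17 NameServer overrides, the "(file missing)" leftovers that were fixed, and the O23 services with no publisher. Below is an added example of doing that triage offline in a script; it is not code from the thread or from Trend Micro's HijackThis. It parses the O17, O23 and "(file missing)" lines of a HijackThis v2 log and flags any resolver that is not on an allow-list. The allow-list is an assumption: OpenDNS (208.67.220.220 / 208.67.222.222) is public, while 81.253.149.9 and 80.10.246.132 are assumed to be the Wanadoo ISP resolvers and should be checked against the ISP's published list. The sample log is a constructed excerpt of the kind of lines shown above, plus one constructed rogue O17 entry pointing at the documentation address 203.0.113.5 so that the detection has something to fire on.

```python
"""Offline triage of a HijackThis v2 log: flag O17 NameServer overrides
outside an allow-list, autostart/BHO entries marked "(file missing)", and
O23 services without a publisher.  Added example, not part of HijackThis."""
import ipaddress
import re
from collections import defaultdict

# Resolvers the machine in the thread is expected to use.  OpenDNS is public;
# the two others are ASSUMED to be the Wanadoo ISP resolvers (verify against
# the ISP's published list before trusting them).
TRUSTED_RESOLVERS = {
    "208.67.220.220", "208.67.222.222",   # OpenDNS
    "81.253.149.9", "80.10.246.132",      # assumed Wanadoo resolvers
}

# Constructed sample (shortened HijackThis-style lines, plus one constructed
# rogue O17 entry using the RFC 5737 documentation address 203.0.113.5).
SAMPLE_LOG = r"""
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
"""

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_nameservers(field):
    """HijackThis prints NameServer lists separated by commas or by spaces."""
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def triage(log_text, trusted=TRUSTED_RESOLVERS):
    """Return a dict of finding-type -> list of findings for one log."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if "(file missing)" in line:
            # Autostart or BHO pointing at a file that no longer exists:
            # leftover of an uninstall or a half-cleaned infection.
            findings["file_missing"].append(line)
        m = O17_RE.match(line)
        if m:
            for server in parse_nameservers(m.group("servers")):
                try:
                    ipaddress.ip_address(server)
                except ValueError:
                    findings["dns_malformed"].append((m.group("key"), server))
                    continue
                if server not in trusted:
                    # A per-adapter NameServer override to an unknown IP is the
                    # footprint of a DNS-changing trojan; identify the owner.
                    findings["dns_untrusted"].append((m.group("key"), server))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            # Unsigned/unattributed services deserve a hash lookup; many are
            # benign OEM components (as ATI Smart is here) but not all.
            findings["service_no_publisher"].append((m.group("name"), m.group("path")))
    return dict(findings)


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run against a real log with `triage(open("hijackthis.log", encoding="cp1252").read())`; the "(file missing)" hits correspond to the lines the helper asked to fix, and the O17 check is the one that matters for a DNS-hijacking infection, since every resolver on the victim's adapters should be explainable.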
1 October 2008 15:59:25

Ah, Gmer has moved on. Now it tells me:


    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
1 October 2008 17:21:18

Do you think my machine is clean now?
1 October 2008 18:23:36

I think so :)
2 October 2008 02:55:59

Darn, I thought my machine was clean, but I tried to reinstall Norton and Spybot, and both still give me the same error message (... is not a valid Win32 application) and flatly refuse to launch.

On the other hand, I no longer have any problem with my sound cards.

So I need a bit more help if at all possible.
2 October 2008 18:13:05

Run another ComboFix scan to see.
3 October 2008 00:00:49

My latest ComboFix log:

    ComboFix 08-10-01.06 - Compaq_Propri‚taire 2008-10-02 22:16:26.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.445 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Antibagle.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-01 19:50 . 2008-10-01 19:54 <REP> d-------- C:\Program Files\Norton 360
    2008-10-01 19:48 . 2008-10-01 19:52 <REP> d-------- C:\Program Files\Symantec
    2008-10-01 19:48 . 2008-10-01 19:52 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-10-01 19:48 . 2008-10-01 19:52 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-10-01 15:37 . 2008-10-01 15:37 <REP> d-------- C:\_OTMoveIt
    2008-10-01 15:00 . 2008-10-01 15:00 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-10-01 10:38 . 2008-10-01 10:38 <REP> d-------- C:\KAV
    2008-09-30 07:12 . 2008-09-30 07:35 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-09-30 07:12 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\PC Tools
    2008-09-30 07:12 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-09-30 07:12 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-09-30 07:12 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-09-30 07:12 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-09-30 07:10 . 2008-09-30 07:10 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-09-30 07:10 . 2008-09-30 07:10 3,120 --a------ C:\WINDOWS\118294.78
    2008-09-30 07:09 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-09-30 07:09 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-09-30 05:49 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
    2008-09-30 05:49 . 2008-09-30 05:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-09-30 05:49 . 2008-09-30 05:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-09-30 05:48 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Oberon Media
    2008-09-30 05:47 . 2008-09-30 05:47 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-09-30 05:46 . 2008-09-30 05:46 <REP> d-------- C:\WINDOWS\Logs
    2008-09-30 05:27 . 2008-09-30 05:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-30 02:56 . 2008-09-30 02:56 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-29 13:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-09-27 19:51 . 2008-09-27 19:51 <REP> d-------- C:\Muestras
    2008-09-26 18:34 . 2008-09-30 05:39 <REP> d-------- C:\VueScan
    2008-09-26 16:53 . 2008-09-26 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media
    2008-09-25 15:35 . 2008-09-30 05:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
    2008-09-25 15:35 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
    2008-09-25 15:35 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
    2008-09-24 22:55 . 2008-09-24 22:56 120 --a------ C:\drmHeader.bin
    2008-09-24 22:37 . 2008-09-25 02:01 <REP> d-------- C:\divx
    2008-09-24 22:23 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DivX
    2008-09-24 19:54 . 2008-09-24 19:54 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-09-24 19:53 . 2008-09-24 19:53 21,764 --a------ C:\WINDOWS\system32\CoreAAC-uninstall.exe
    2008-09-24 19:52 . 2006-03-24 17:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2008-09-24 19:52 . 2006-03-24 17:09 237,568 --a------ C:\WINDOWS\system32\vp7dec.ax
    2008-09-24 19:52 . 2005-10-25 13:10 53,248 --a------ C:\WINDOWS\system32\vp7dec_settings.cpl
    2008-09-24 19:51 . 2008-09-24 19:51 599,570 --a------ C:\WINDOWS\system32\x264vfw.dll
    2008-09-24 19:49 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-09-24 19:49 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-09-24 19:49 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-09-24 18:57 . 2008-09-30 05:40 <REP> d-------- C:\Program Files\ConvertMovie 4.4
    2008-09-24 05:33 . 2008-09-27 19:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-24 05:33 . 2008-09-24 05:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD5.sys
    2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD4.sys
    2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD3.sys
    2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD2.sys
    2008-09-17 20:09 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECEE.sys
    2008-09-17 20:08 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECED.sys
    2008-09-17 13:06 . 2000-08-02 10:16 1,048,640 --a------ C:\WINDOWS\system32\wsecedit.dll
    2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-09-16 02:12 . 2008-09-16 02:12 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2008-09-16 02:12 . 2008-09-16 02:12 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
    2008-09-16 02:12 . 2008-09-16 02:12 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
    2008-09-16 02:12 . 2008-09-16 02:12 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-09-16 02:12 . 2008-09-16 02:12 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2008-09-16 02:12 . 2008-09-16 02:12 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2008-09-16 02:12 . 2008-09-16 02:12 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
    2008-09-16 02:11 . 2008-09-16 02:11 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-09-16 02:11 . 2008-09-16 02:11 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF5.sys
    2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF4.sys
    2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB74.sys
    2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB73.sys
    2008-09-14 23:13 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD7.sys
    2008-09-14 23:12 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD6.sys
    2008-09-10 04:50 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
    2008-09-10 04:20 . 2008-09-10 04:20 <REP> d-------- C:\Program Files\Uniblue
    2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 04:15 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
    2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 04:15 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-10 04:15 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-09 05:49 . 2008-09-09 05:52 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-09 05:43 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002950_.tmp
    2008-09-09 03:11 . 2008-09-09 04:04 <REP> d-------- C:\WINDOWS\EHome
    2008-09-08 17:55 . 2008-09-17 11:27 <REP> d-------- C:\Program Files\DNA
    2008-09-08 17:55 . 2008-09-08 17:55 <REP> d-------- C:\Program Files\BitTorrent
    2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DNA
    2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\BitTorrent
    2008-09-07 00:18 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Alawar
    2008-09-03 05:07 . 2008-09-03 05:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
    2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp6ED8E.FOT
    2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp43E8E.FOT
    2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp28E8E.FOT
    2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp1CE8E.FOT

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-02 20:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-10-01 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-01 17:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Symantec
    2008-10-01 17:52 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-10-01 17:52 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-09-30 05:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-30 05:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-30 03:47 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-09-30 03:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-09-30 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-30 03:45 --------- d-----w C:\Program Files\VstPlugins
    2008-09-30 03:40 --------- d-----w C:\Program Files\MOVAVI
    2008-09-30 03:38 --------- d-----w C:\Program Files\Spyware Terminator
    2008-09-29 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-09-14 21:30 --------- d-----w C:\Program Files\Best Service
    2008-09-10 14:46 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Real
    2008-09-09 18:38 --------- d-----w C:\Program Files\WinClamAVShield
    2008-09-09 18:05 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
    2008-09-05 13:22 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
    2008-09-04 16:25 --------- d-----w C:\Program Files\Wanadoo
    2008-09-01 14:26 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Calendrier Xtra
    2008-09-01 12:12 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCC.sys
    2008-09-01 12:11 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCB.sys
    2008-08-31 23:00 --------- d-----w C:\Program Files\Nomad Factory
    2008-08-31 14:43 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2B17BA39E.sys
    2008-08-30 12:41 --------- d-----w C:\Program Files\Fichiers communs\Native Instruments
    2008-08-29 21:26 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC1.sys
    2008-08-29 21:25 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC0.sys
    2008-08-27 15:40 --------- d-----w C:\Program Files\Native Instruments
    2008-08-24 13:34 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D272B730B3.sys
    2008-08-23 17:20 --------- d-----w C:\Program Files\Garritan Jazz Big Band
    2008-08-23 08:06 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D232414DDE.sys
    2008-08-22 20:47 --------- d-----w C:\Program Files\LiquidInstrument
    2008-08-22 16:52 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D228CEB20A.sys
    2008-08-02 13:04 --------- d-----w C:\Program Files\CDXTRACT4
    2008-07-31 21:54 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26659B183.sys
    2008-07-24 19:52 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2ABB8C36B.sys
    2008-07-22 18:37 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2859F7D89.sys
    2008-07-12 18:42 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D29D34FFEA.sys
    2008-07-04 10:48 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
    2008-06-07 21:07 65,344 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-13 00:36 604 ---ha-w C:\Program Files\STLL Notifier
    2007-06-03 03:06 134 ----a-w C:\Program Files\satsukidecodersettings.ini
    2007-05-29 21:47 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D206385595.sys
    1996-12-04 22:00 73,184 ----a-w C:\Program Files\Fichiers communs\Dao2535.tlb
    1996-12-02 16:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-30_ 4.43.30.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-05 04:29:52 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
    + 2008-10-01 17:48:46 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
    - 2008-09-09 09:10:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-10-01 17:34:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-09-09 09:10:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-10-01 17:34:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-09-09 09:10:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-10-01 17:34:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-07-30 15:42:12 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    + 2008-01-12 18:32:00 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    - 2008-06-13 12:13:38 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    + 2008-02-05 19:34:43 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    - 2008-06-13 12:13:38 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    + 2008-02-05 19:34:43 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    - 2008-06-13 12:13:38 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    + 2008-02-05 19:34:43 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    - 2008-06-13 12:14:02 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
    + 2008-02-06 21:43:53 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
    - 2008-06-13 12:13:38 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    + 2008-02-05 19:34:43 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    - 2008-06-13 12:13:40 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
    + 2008-02-05 19:34:43 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
    - 2008-06-13 12:13:38 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    + 2008-02-05 19:34:43 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    - 2008-06-13 12:13:40 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    + 2008-02-05 19:34:43 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    - 2008-09-09 09:13:46 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-30 05:14:37 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-09-09 09:13:47 85,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-09-30 05:14:37 85,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-09-09 09:13:46 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-30 05:14:37 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-09-09 09:13:47 512,286 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-09-30 05:14:37 512,286 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2007-06-17 16:30:45 1,121,372 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    + 2008-09-30 03:49:30 29,290,452 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    - 2008-06-13 12:45:48 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    + 2008-02-20 01:06:11 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    - 2008-06-13 12:45:44 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    + 2008-02-20 01:06:11 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    + 2008-10-02 20:36:09 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
    "kX Mixer"="C:\WINDOWS\system32\kxmixer.exe" [2004-02-17 438784]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 172544]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-24 185896]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-09-28 51048]
    "osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-09-28 988512]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-05 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi2"= rddv1027.dll
    "midi8"= rddv1027.dll
    "vidc.X264"= x264vfw.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
    backup=C:\WINDOWS\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
    backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
    backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Registration .LNK]
    backup=C:\WINDOWS\pss\Registration .LNKStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlwatzhnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 10:37 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCD2000]
    -ra------ 2005-06-15 11:34 536576 C:\WINDOWS\system32\bcd2kcpan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:34 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 12:48 157592 C:\Applications\Bureau\Daemon Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DJ Console]
    --------- 2004-01-08 11:08 270336 C:\Applications\SON\Hercule DJC\DJConsoleMixer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    --a------ 2006-07-13 03:38 1851392 C:\Program Files\Electronic Arts\EA Downloader\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    --a------ 2007-12-11 04:59 307200 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    --a------ 2005-11-09 19:29 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 19:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2006-02-24 20:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-01-31 13:11 98304 C:\Applications\Bureau\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    --a------ 2004-12-13 20:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-09-24 04:56 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-05-25 19:35 35328 C:\Applications\Players\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    --a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --a------ 2004-10-13 17:12 49152 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-01-11 19:23 15961088 C:\WINDOWS\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVG Anti-Spyware Guard"=2 (0x2)
    "sp_rssrv"=2 (0x2)
    "gusvc"=2 (0x2)
    "IDriverT"=3 (0x3)
    "CyberLink Media Library Service"=2 (0x2)
    "CLSched"=2 (0x2)
    "CLCapSvc"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "StarWindService"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "pr2amkwb"=2 (0x2)
    "LiveUpdate Notice"=2 (0x2)
    "LiveUpdate"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DAEMON Tools"="C:\Applications\Bureau\Daemon Tools\daemon.exe" -lang 1033
    "AdobeUpdater"=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WinampAgent"=C:\Applications\Players\Winamp\winampa.exe
    "EoSudoku"=
    "EoEngine"=
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Applications\\Internet\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\ElectricSheep.scr"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:Guild wars
    "80:TCP"= 80:TCP:guild wars 2

    R0 pe3amkwb;Reprobates Environment Driver (pe3amkwb);C:\WINDOWS\system32\drivers\pe3amkwb.sys [2007-08-20 64632]
    R0 ps7amkwb;Reprobates Synchronization Driver (ps7amkwb);C:\WINDOWS\system32\drivers\ps7amkwb.sys [2007-08-20 68736]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-06-14 135936]
    R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2007-04-01 81408]
    R2 ADSLAutoconnect;ADSLAutoconnect;C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe [2007-07-03 446464]
    R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-02-19 162432]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-02-19 12032]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
    R2 MicroGuard;MicroGuard Copy Protection;C:\WINDOWS\system32\drivers\mgnt.sys [1997-10-09 40288]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2004-02-17 571776]
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-01-29 48928]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000.SYS [2005-06-15 39648]
    S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000WDM.SYS [2005-06-15 21600]
    S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2003-06-12 34994]
    S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2003-08-26 30080]
    S3 NvnUsbAudio;NvnUsbAudio;C:\WINDOWS\system32\drivers\nvnusbaudio.sys [2007-05-04 25600]
    S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-10-31 60698]
    S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);C:\WINDOWS\system32\Drivers\ScratchAmp.sys [2003-01-31 22912]
    S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 16896]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S4 pr2amkwb;Reprobates Drivers Auto Removal (pr2amkwb);C:\WINDOWS\system32\pr2amkwb.exe svc [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38410722-bc7d-11db-a009-4d6564696130}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{531d722c-f1a5-11da-9efd-0017310e7e21}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42a4530-f1d8-11da-9f07-4d6564696130}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec276cc-0645-11dd-a4a6-4d6564696130}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb87633-f1c6-11da-9f06-4d6564696130}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

    *Newly Created Service* - CLTNETCNSERVICE
    *Newly Created Service* - COMHOST
    *Newly Created Service* - LIVEUPDATE_NOTICE
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    O8 -: E&xporter vers Microsoft Excel - C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
    O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485}
    O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05}
    O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485} - -
    O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - -
    O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe -
    O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe -
    O17 -: HKLM\CCS\Interface\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 80.10.246.1 81.253.149.2
    O17 -: HKLM\CCS\Interface\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
    O17 -: HKLM\CCS\Interface\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
    O17 -: HKLM\CCS\Interface\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 22:36:56
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system\hpsysdrv.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-02 23:24:23 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-02 21:23:56
    ComboFix2.txt 2008-09-30 02:44:06

    Avant-CF: 7 122 612 224 octets libres
    Après-CF: 7,147,495,424 octets libres

    465 --- E O F --- 2008-09-10 02:46:37
    3 October 2008 16:20:36

    Er, did you reinstall the programs that were misbehaving at the end of the disinfection?
    3 October 2008 19:12:09

    Hi, yes, I uninstalled and tried to reinstall both Spybot and Norton. Both reinstall, but when I try to open them they give me a message "... is not a valid Win32 application" and refuse to open. I don't understand why.
    3 October 2008 19:14:54

    Strange.

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet and close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

    Click the Rootkit tab.
    On the right, tick Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad and click the Edit menu / Paste.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.
    20 October 2008 12:31:19

    Hi, I'm back at it after two weeks of utter despair.
    Everything seems to be working normally, but I still cannot reinstall either Norton Antivirus or Spybot.
    After several attempts at cleaning and reinstalling Norton, Windows Security Center reports it as out of date (which is not true). Whatever I do, Norton will not launch properly, and neither will Spybot.
    I'll attach a Gmer report in my next message.
    20 October 2008 13:16:49

    Hi, the Gmer scan ended with:
    no system modification detected.
    Yet, given how badly my antivirus programs are working, I'm sure there must be a trace left somewhere. I've run several registry cleanups, which haven't changed the problem. I don't know what else to do.