Malware infection

Tags:
  • Internet Explorer
  • Security
14 September 2008 18:38:34

Hello, my PC is infected by I don't know which malware(s):
for example, a "System Alert" in the notification area.
I scanned with Malwarebytes' Anti-Malware; it found malware and I deleted it, but it continues. I'm posting a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:59, on 14/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0F4FF575-F4C6-496C-A2D2-FA55DA5A2339} - C:\WINDOWS\system32\cl.dll
O2 - BHO: (no name) - {17D79270-FE65-4D20-BD08-E319B7EA2E1D} - C:\WINDOWS\system32\cl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B20978AE-3C3E-4DA6-AC3D-BB587AB8E0D1} - C:\WINDOWS\system32\cl.dll
O2 - BHO: (no name) - {D0A3B82A-1267-4BFF-AF40-2E135325CDC8} - C:\WINDOWS\system32\cl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstal...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

--
End of file - 5425 bytes

14 September 2008 19:50:36

Hello,

Scan the following file on the VirusTotal site, then give me the report:
C:\WINDOWS\system32\cl.dll
14 September 2008 20:01:53

Do you want what's in the additional information?
14 September 2008 20:12:33

No, before that:

Quote:
Antivirus Version Last update Result
AhnLab-V3 2008.8.19.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.20 -
Avast 4.8.1195.0 2008.08.19 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.19 -
ClamAV 0.93.1 2008.08.19 -
DrWeb 4.44.0.09170 2008.08.20 -
eSafe 7.0.17.0 2008.08.19 -
eTrust-Vet 31.6.6036 2008.08.19 -
Ewido 4.0 2008.08.20 -
F-Prot 4.4.4.56 2008.08.19 -
F-Secure 7.60.13501.0 2008.08.20 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3370 2008.08.20 -
Norman 5.80.02 2008.08.20 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.19 -
Prevx1 V2 2008.08.20 -
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1564.1 2008.08.20 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.20 -
ViRobot 2008.8.20.1342 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.20 -
Webwasher-Gateway 6.6.2 2008.08.20 -
14 September 2008 20:17:02

Antivirus Version Last update Result
AhnLab-V3 2008.9.13.0 2008.09.12 -
AntiVir 7.8.1.28 2008.09.12 -
Authentium 5.1.0.4 2008.09.14 -
Avast 4.8.1195.0 2008.09.13 Win32:Podnuha-BJ
AVG 8.0.0.161 2008.09.14 BHO.O
BitDefender 7.2 2008.09.14 -
CAT-QuickHeal 9.50 2008.09.13 Rootkit.Podnuha.aab
ClamAV 0.93.1 2008.09.14 -
DrWeb 4.44.0.09170 2008.09.14 -
eSafe 7.0.17.0 2008.09.14 Suspicious File
eTrust-Vet 31.6.6086 2008.09.12 Win32/Kvol!generic
Ewido 4.0 2008.09.14 -
F-Prot 4.4.4.56 2008.09.14 W32/Podnuha.A.gen!Eldorado
F-Secure 8.0.14332.0 2008.09.14 -
Fortinet 3.113.0.0 2008.09.14 -
GData 19 2008.09.14 Win32:Podnuha-BJ
Ikarus T3.1.1.34.0 2008.09.14 Virus.Trojan.Win32.Pakes.cdw
K7AntiVirus 7.10.454 2008.09.13 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.09.14 -
McAfee 5383 2008.09.12 Boaxxe.dll
Microsoft 1.3903 2008.09.14 Trojan:Win32/Boaxxe.B
NOD32v2 3440 2008.09.13 -
Norman 5.80.02 2008.09.12 W32/Rootkit.OQD
Panda 9.0.0.4 2008.09.14 Suspicious file
PCTools 4.4.2.0 2008.09.14 Rootkit.Podnuha.Gen.2
Prevx1 V2 2008.09.14 Cloaked Malware
Rising 20.61.42.00 2008.09.12 RootKit.Win32.Podnuha.adc
Sophos 4.33.0 2008.09.14 -
Sunbelt 3.1.1633.1 2008.09.13 -
Symantec 10 2008.09.14 -
TheHacker 6.3.0.9.082 2008.09.14 -
TrendMicro 8.700.0.1004 2008.09.12 PAK_Generic.005
VBA32 3.12.8.5 2008.09.14 Trojan.Win32.Boaxxe
ViRobot 2008.9.12.1375 2008.09.12 -
VirusBuster 4.5.11.0 2008.09.14 Rootkit.Podnuha.Gen.2
Webwasher-Gateway 6.6.2 2008.09.14 -
14 September 2008 20:20:48

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

14 September 2008 20:50:57

    ComboFix 08-09-14.01 - Administrateur 2008-09-14 20:45:31.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1641 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Cookies\administrateur@clickintext[1].txt
    C:\WINDOWS\system32\cl.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-14 16:42 . 2008-09-14 16:42 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-09-14 11:26 . 2008-09-14 11:26 <REP> d-------- C:\Program Files\IKEA HomePlanner
    2008-09-14 11:26 . 2008-09-14 11:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-13 22:20 . 2008-09-13 22:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-13 16:12 . 2008-09-13 16:12 <REP> d-------- C:\Program Files\Avira
    2008-09-13 15:08 . 2008-09-14 17:10 <REP> d-------- C:\Program Files\PremierOpinion
    2008-09-12 23:30 . 2008-09-14 16:37 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2008-09-10 17:53 . 2008-09-10 17:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 17:53 . 2008-09-10 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 17:53 . 2008-09-10 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-10 17:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-10 17:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-10 14:03 . 2008-09-10 14:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2008-09-10 13:47 . 2008-09-13 15:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-09-10 13:44 . 2008-09-10 13:44 <REP> d-------- C:\WINDOWS\Sun
    2008-09-10 13:44 . 2008-09-10 20:22 <REP> d-------- C:\Program Files\Google
    2008-09-10 13:43 . 2008-09-10 13:43 <REP> d-------- C:\Program Files\Java
    2008-09-10 13:43 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-10 13:41 . 2008-09-10 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-09-10 13:38 . 2008-09-10 13:39 <REP> d-------- C:\Program Files\LimeWire
    2008-09-06 23:10 . 2008-09-06 23:10 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-09-06 23:10 . 2008-07-22 16:59 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-09-06 23:10 . 2008-07-22 16:59 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-09-06 23:10 . 2008-07-22 16:59 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
    2008-09-06 22:25 . 2008-09-06 22:25 <REP> d-------- C:\Program Files\DivX
    2008-09-05 18:41 . 2008-09-05 18:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Go-Go Gourmet Chef of the Year
    2008-09-05 17:40 . 2008-09-05 18:54 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-05 17:38 . 2008-09-14 16:34 <REP> d-------- C:\Program Files\Gamenext
    2008-09-05 17:38 . 2008-09-05 17:38 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-09-03 19:14 . 2008-09-03 19:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ESET
    2008-09-02 20:45 . 2008-09-03 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-09-01 19:14 . 2008-09-06 23:39 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-08-31 22:29 . 2005-12-21 10:16 470,048 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
    2008-08-31 22:29 . 2005-12-21 10:16 470,048 --a------ C:\WINDOWS\system32\ar5211.sys
    2008-08-31 21:56 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
    2008-08-31 21:56 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
    2008-08-31 21:51 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
    2008-08-31 21:50 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2008-08-31 21:50 . 2008-04-13 20:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2008-08-31 21:50 . 2008-04-14 04:34 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
    2008-08-31 21:50 . 2008-04-13 20:46 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2008-08-31 21:50 . 2008-04-13 20:46 15,232 --a------ C:\WINDOWS\system32\drivers\MPE.sys
    2008-08-31 21:50 . 2008-04-13 20:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2008-08-31 21:50 . 2008-04-13 20:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2008-08-31 21:50 . 2008-04-13 20:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2008-08-31 21:49 . 2008-08-31 21:49 <REP> d-------- C:\Program Files\ASUS
    2008-08-31 21:49 . 2008-04-13 20:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2008-08-31 21:49 . 2008-04-13 20:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2008-08-30 23:10 . 2008-08-30 23:10 268 --ah----- C:\sqmdata01.sqm
    2008-08-30 23:10 . 2008-08-30 23:10 244 --ah----- C:\sqmnoopt01.sqm
    2008-08-30 17:06 . 2008-08-30 17:06 268 --ah----- C:\sqmdata00.sqm
    2008-08-30 17:06 . 2008-08-30 17:06 244 --ah----- C:\sqmnoopt00.sqm
    2008-08-30 15:10 . 2008-08-30 17:05 <REP> d-------- C:\Program Files\Dofus
    2008-08-30 13:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-30 13:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-08-30 13:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-15 21:33 . 2008-08-15 21:33 126,976 --a------ C:\WINDOWS\War3Unin.exe
    2008-08-15 21:33 . 2008-08-15 21:35 23,563 --a------ C:\WINDOWS\War3Unin.dat
    2008-08-15 21:33 . 2008-08-15 21:33 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2008-08-15 21:32 . 2008-09-07 00:07 <REP> d-------- C:\Program Files\Warcraft III
    2008-08-15 19:53 . 2008-08-15 19:53 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-08-15 19:53 . 2008-08-15 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
    2008-08-15 18:48 . 2008-08-15 19:53 <REP> d-------- C:\Program Files\Windows Live
    2008-08-15 18:48 . 2008-08-15 19:52 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-15 18:48 . 2008-09-01 16:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-15 16:39 . 2006-04-03 10:00 42,940 --a------ C:\WINDOWS\system32\net5211.inf
    2008-08-15 16:39 . 2005-12-21 10:15 26 --a------ C:\WINDOWS\system32\net5211.cat
    2008-08-15 13:44 . 2008-08-15 18:29 <REP> d-------- C:\temp
    2008-08-15 12:59 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2008-08-15 02:11 . 2008-08-15 02:11 109 --a------ C:\WINDOWS\GMouse.ini
    2008-08-15 01:54 . 2008-08-15 01:54 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-08-15 01:53 . 2008-08-15 01:53 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-08-15 01:53 . 2008-04-13 20:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2008-08-15 01:53 . 2008-08-15 01:53 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-08-15 01:53 . 2008-04-13 20:45 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2008-08-15 01:52 . 2008-04-13 18:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2008-08-15 01:52 . 2008-04-13 20:45 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2008-08-15 01:52 . 2008-04-13 20:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2008-08-15 01:51 . 2008-04-13 21:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-08-15 01:51 . 2008-04-13 20:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-08-15 01:50 . 2008-08-15 01:50 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-08-15 01:50 . 2008-04-13 21:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-08-15 01:48 . 2006-10-18 23:22 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
    2008-08-15 01:47 . 2008-08-15 01:47 <REP> d-------- C:\Program Files\VIA
    2008-08-15 01:44 . 2008-08-15 01:44 <REP> d-------- C:\WINDOWS\vnDrvBas
    2008-08-15 01:44 . 2006-11-01 23:21 319,456 --a------ C:\WINDOWS\system32\difxapi.dll
    2008-08-15 01:44 . 2006-10-27 08:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
    2008-08-15 01:44 . 2008-06-25 06:36 43,520 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
    2008-08-15 01:44 . 2008-04-13 20:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2008-08-15 01:42 . 2008-08-15 01:42 <REP> d-------- C:\Program Files\Realtek
    2008-08-15 01:42 . 2008-08-15 16:15 <REP> d--h----- C:\Program Files\InstallShield Installation Information
    2008-08-15 01:42 . 2007-01-13 18:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-08-15 01:42 . 2008-08-15 01:42 315,392 --a------ C:\WINDOWS\HideWin.exe
    2008-08-15 01:42 . 2006-10-11 13:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-08-15 01:42 . 2008-08-15 01:42 9,617 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-08-15 01:42 . 2004-08-14 13:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-08-15 01:37 . 2008-09-13 21:23 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-08-15 00:55 . 2008-08-15 00:55 <REP> d-------- C:\Program Files\MSBuild
    2008-08-15 00:55 . 2008-08-15 00:55 <REP> d-------- C:\Program Files\Microsoft Works
    2008-08-15 00:52 . 2008-08-15 00:55 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-08-15 00:52 . 2008-09-10 17:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-15 00:51 . 2008-08-15 00:51 <REP> dr-h----- C:\MSOCache
    2008-08-14 23:52 . 2008-09-13 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-14 23:49 . 2008-08-14 23:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-08-14 23:49 . 2008-09-13 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-14 23:47 . 2008-08-14 23:57 <REP> d-------- C:\Program Files\NOS
    2008-08-14 23:47 . 2008-08-14 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-08-14 23:42 . 2008-08-14 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-14 23:41 . 2008-08-14 23:41 <REP> d-------- C:\Program Files\CCleaner
    2008-08-14 23:36 . 2008-08-14 23:36 <REP> d-------- C:\Program Files\Alwil Software
    2008-08-14 23:36 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-08-14 23:36 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-08-14 23:36 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2008-08-14 22:10 . 2008-08-14 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-08-14 22:00 . 2008-09-13 00:54 <REP> d-------- C:\Program Files\Opera
    2008-08-14 21:28 . 2008-08-14 21:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- C:\Program Files\Nero
    2008-08-14 21:26 . 2008-08-14 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-08-14 20:35 . 2008-08-14 20:35 <REP> d-------- C:\Program Files\Dial-a-fix-v0.60.0.24
    2008-08-14 20:14 . 2008-08-14 20:14 <REP> d-------- C:\Program Files\ma-config.com
    2008-08-14 20:14 . 2008-08-14 20:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-08-14 17:59 . 2006-08-10 04:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBVE.DLL
    2008-08-14 17:59 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBVE.DLL
    2008-08-14 17:57 . 2006-08-10 04:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBIE.DLL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-14 14:51 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-14 14:49 --------- d-----w C:\Program Files\Services en ligne
    2008-08-14 14:45 --------- d-----w C:\Program Files\Windows Plus
    2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-09-20 15:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
    --a------ 2006-09-22 06:01 139264 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2006-02-14 14:09 69632 C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    -r------- 2005-05-04 20:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    -r------- 2007-01-31 20:54 16116224 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    -r------- 2006-05-17 20:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S56B.tmp" /EF "HKCU"
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\french\\setup.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-18 9216]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 2829696]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0F4FF575-F4C6-496C-A2D2-FA55DA5A2339} - C:\WINDOWS\system32\cl.dll
    BHO-{17D79270-FE65-4D20-BD08-E319B7EA2E1D} - C:\WINDOWS\system32\cl.dll
    BHO-{B20978AE-3C3E-4DA6-AC3D-BB587AB8E0D1} - C:\WINDOWS\system32\cl.dll
    BHO-{D0A3B82A-1267-4BFF-AF40-2E135325CDC8} - C:\WINDOWS\system32\cl.dll
    Notify-!SASWinLogon - (no file)


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = google.fr/
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_b...
    C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
    C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
    C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-14 20:48:16
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\dllhost.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-14 20:49:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-14 18:49:52

    Avant-CF: 184,961,232,896 octets libres
    Après-CF: 185,084,526,592 octets libres

    268 --- E O F --- 2008-09-10 15:51:43
14 September 2008 21:03:27

Post a new HijackThis report.

15 September 2008 18:13:53

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:13:50, on 15/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\utilman.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstal...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

    --
    End of file - 4874 bytes
    15 September 2008 18:17:45

    Are you still having problems?
    15 September 2008 18:40:39

    Not for the moment, I'll come back if I have any.
    15 September 2008 18:45:14

    I'm sending you my HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33, on 2008-09-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\windows\hffext\hffsrv.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Documents and Settings\user\Application Data\Map Maker\MMManager.exe
    C:\WINDOWS\SYSTEM32\Explorer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.252:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.0.252
    F2 - REG:system.ini: Shell=Explorer.exe usbhelp.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe, explorer.exe,
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=091608 serial=DR12CUX-9009316-YHF lang=EN
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [System64] C:\WINDOWS\system32\ne0kS.dll.wsf
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Barsaka] explorer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [E06FDXRC_6617505] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\documents and settings\user\my documents\nokia n70\nokia pc suite 6\pcsuite.exe" -onlytray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\user\Local Settings\Application Data\smss.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Documents and Settings\user\My Documents\NOKIA N70\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Documents and Settings\user\My Documents\NOKIA N70\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: SunClock5.lnk = C:\Documents and Settings\user\Application Data\Map Maker\MMManager.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: D6A4ECB - Unknown owner - C:\WINDOWS\system32\1CBC09C8.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7323 bytes
    15 September 2008 19:02:49

    To each their own thread.