Votre question

Rapport HijackThis suite a des pages webs redirigees

Tags :
  • Hijackthis
  • Sécurité
Dernière réponse : dans Sécurité et virus
5 Septembre 2008 15:06:20

Bonjour,

Suite a toutes sortes de petits soucis, je viens d'effectuer une analyse HijackThis dont voici le rapport. Quelqu'un pour me dire comment me debarasser des intrus ?
Merci beaucoup !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:28, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/webhp?sourceid=navclient
<http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...;
&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4
Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class)
- http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir
PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard
(AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) -
NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6721 bytes

Autres pages sur : rapport hijackthis suite pages webs redirigees

5 Septembre 2008 18:14:52

S'il vous plait, quelqu'un pour me debarasser des saletes qui m'empechent de naviguer ?
Merci !
a b 8 Sécurité
5 Septembre 2008 18:26:17

Bonjour,

Tu as toujours des redirections ?
Contenus similaires
5 Septembre 2008 18:30:46

Malheureusement oui, j'ai toujours des redirections. Malwarebytes ne trouve rien du tout, ni AVG, ni Antivir. Des idees ?
Merci !
a b 8 Sécurité
5 Septembre 2008 18:33:10

Re,

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
5 Septembre 2008 19:09:42

Merci. Je ne peux pas lancer Gmer, meme en mode sans echec. Apres avoir tout ferme, j'ai un premier warning " Loaded Gmer's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command "net stop gmer" or restart your computer". Ensuite j'ai des messages d'erreur :
"C:\WINDOWS\system32\config\system: Le processus ne peut pas acceder au fichier car ce fichier est utilise par un autre processus"
Si j'essaie de faire le scan malgre tout j'ai le meme message en remplacant "config\system" par "config\software". J'ai pourtant arrete tout ce que je pouvais par le gestionnaire de programmes.
a b 8 Sécurité
5 Septembre 2008 19:19:52

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    5 Septembre 2008 22:04:16

    Bonsoir,

    Ca va beaucoup mieux suite au scan Combofix. En voici le rapport. Merci !

    ComboFix 08-09-04.09 - Lolo 2008-09-05 19:45:31.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.916 [GMT 2:00]
    Endroit: F:\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    /wow section - STAGE 40
    pv: No matching processes found


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssl.dll
    C:\WINDOWS\system32\tdsslog.dll
    C:\WINDOWS\system32\tdssmain.dll
    C:\WINDOWS\system32\tdssservers.dat
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-05 18:42 . 2008-09-05 19:11 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-05 15:19 . 2008-09-05 15:19 <REP> d-------- C:\Program Files\HostXperts
    2008-09-05 09:52 . 2008-09-05 09:52 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-04 17:52 . 2008-09-04 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
    2008-09-04 17:42 . 2008-09-04 17:59 2,138 --a------ C:\WINDOWS\system32\tmp.reg
    2008-09-04 17:40 . 2008-09-04 17:41 <REP> d-------- C:\Program Files\Smitfraud
    2008-09-04 11:36 . 2008-09-04 11:36 <REP> d--h----- C:\$AVG8.VAULT$
    2008-09-04 10:43 . 2005-01-04 21:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-04 10:43 . 2008-09-05 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-04 10:43 . 2005-01-04 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
    2008-09-04 10:43 . 2008-09-04 10:43 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-04 10:34 . 2008-09-04 10:34 <REP> d-------- C:\Program Files\AVG
    2008-09-04 10:34 . 2008-09-05 15:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-03 13:51 . 2008-09-03 13:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
    2008-08-25 09:43 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-25 09:43 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-08-25 09:43 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-08-25 09:43 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-08-25 09:43 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-25 09:43 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-08-25 09:43 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-08-25 09:43 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-08-25 09:43 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 13:19 . 2008-08-23 13:57 <REP> d-------- C:\Program Files\Sketchup
    2008-08-10 15:21 . 2008-09-05 08:24 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-08-10 15:21 . 2008-08-10 15:22 <REP> d-------- C:\Documents and Settings\Lolo\Application Data\Thunderbird
    2008-08-10 15:19 . 2008-08-10 23:44 <REP> d-------- C:\Program Files\Thunderbird

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-05 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-04 15:13 --------- d-----w C:\Program Files\Ad-aware 6
    2008-09-04 09:36 --------- d-----w C:\Program Files\Alcohol 120%
    2008-09-04 08:30 --------- d-----w C:\Program Files\AVG Anti-spy
    2008-09-03 13:56 --------- d-----w C:\Program Files\Zoom Player
    2008-08-27 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
    2008-08-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 14:44 --------- d-----w C:\Program Files\eMule
    2008-07-29 18:05 --------- d-----w C:\Program Files\FastStone Image Viewer
    2008-07-29 17:15 --------- d-----w C:\Documents and Settings\Lolo\Application Data\foobar2000
    2008-07-29 14:10 --------- d-----w C:\Program Files\Malwarebytes
    2008-07-29 14:10 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Malwarebytes
    2008-07-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-29 10:41 --------- d-----w C:\Program Files\Citrix
    2008-07-29 10:33 --------- d-----w C:\Program Files\BSplayer
    2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-21 07:24 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Skype
    2008-07-18 11:30 --------- d-----w C:\Documents and Settings\Lolo\Application Data\ICAClient
    2008-07-10 19:27 --------- d-----w C:\Program Files\Antivir
    2008-07-10 14:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-07-10 14:29 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 07:31 --------- d-----w C:\Program Files\pdf995
    2008-07-09 18:18 --------- d-----w C:\Program Files\Avira
    2008-07-09 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-11 19:30 61,480 ----a-w C:\Documents and Settings\Lolo\GoToAssistDownloadHelper.exe
    2006-05-27 09:54 124 ----a-w C:\Program Files\Panneau de configuration.lnk
    2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
    2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
    2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
    2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 65536]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
    "ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
    "ATIModeChange"="Ati2mdxx.exe" [2004-04-01 C:\WINDOWS\system32\Ati2mdxx.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.I263"= I263_32.drv
    "vidc.ptev"= ptevideo.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bitmeter2.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bitmeter2.lnk
    backup=C:\WINDOWS\pss\Bitmeter2.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BT Broadband Desktop Help.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BT Broadband Desktop Help.lnk
    backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Lolo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Lolo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
    --a------ 2006-04-14 11:56 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    --a------ 2006-04-14 11:51 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 01:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-11-14 06:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YPCService"=3 (0x3)
    "S24EventMonitor"=2 (0x2)
    "matlabserver"=3 (0x3)
    "EPGService"=2 (0x2)
    "CachemanXPService"=2 (0x2)
    "AVG Anti-Spyware Guard"=2 (0x2)
    "SPTISRV"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccProxy"=2 (0x2)
    "SNDSrvc"=2 (0x2)
    "DJSNETCN"=2 (0x2)
    "ccISPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "Symantec Core LC"=2 (0x2)
    "SAVScan"=3 (0x3)
    "NSCService"=3 (0x3)
    "NPFMntor"=2 (0x2)
    "navapsvc"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "gusvc"=3 (0x3)
    "avg8wd"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
    "D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
    "C:\\Program Files\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
    "C:\\Program Files\\Xming\\Xming.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule tcp
    "4672:UDP"= 4672:UDP:emule udp

    R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-18 65664]
    R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2003-01-09 21264]
    R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2004-07-10 24576]
    S2 CoLinuxDriver;CoLinuxDriver;D:\coLinux\linux.sys [ ]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
    S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
    S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
    S4 CachemanXPService;CachemanXP;C:\PROGRA~1\Cacheman\CachemanXP.exe [2008-04-30 243200]
    S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df5-8ca4-11dc-ad32-000e359f3faf}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df6-8ca4-11dc-ad32-000e359f3faf}]
    \Shell\1\Command - RUNAUT~1\autorun.pif
    \Shell\2\Command - RUNAUT~1\autorun.pif
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\AVG Anti-spy\AVG Anti-Spyware 7.5\avgas.exe
    MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-BitTorrent - C:\Program Files\Bittorrent\bittorrent.exe
    MSConfigStartUp-btbb_wcm_McciTrayApp - C:\Program Files\btbb_wcm\McciTrayApp.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Lolo\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-05 20:06:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-05 20:11:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-05 18:11:42

    Pre-Run: 3,644,800,000 octets libres
    Post-Run: 3,557,127,680 octets libres

    261 --- E O F --- 2008-08-27 07:44:05
    a b 8 Sécurité
    6 Septembre 2008 12:28:58

    Re,

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\tdssserf.dll


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    6 Septembre 2008 13:21:37

    Bonjour et merci bien. Voici le rapport Combofix et HiJackThis. Desole pour les lignes coupees j'ai pourtant suivi les recommandations des tutos...

    ComboFix 08-09-04.09 - Lolo 2008-09-06 13:03:47.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.871 [GMT 2:00]
    Endroit: F:\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lolo\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    /wow section - STAGE 40


    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-06 11:05 . 2008-09-06 11:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-06 11:05 . 2008-09-06 11:05 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-05 18:42 . 2008-09-05 19:11 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-05 15:19 . 2008-09-05 15:19 <REP> d-------- C:\Program Files\HostXperts
    2008-09-05 09:52 . 2008-09-05 09:52 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-04 17:52 . 2008-09-04 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Conceptworld
    2008-09-04 17:42 . 2008-09-04 17:59 2,138 --a------ C:\WINDOWS\system32\tmp.reg
    2008-09-04 17:40 . 2008-09-04 17:41 <REP> d-------- C:\Program Files\Smitfraud
    2008-09-04 11:36 . 2008-09-04 11:36 <REP> d--h----- C:\$AVG8.VAULT$
    2008-09-04 10:43 . 2005-01-04 21:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-09-04 10:43 . 2005-01-04 21:14 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-09-04 10:43 . 2005-01-04 21:38 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-04 10:43 . 2008-09-05 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-04 10:43 . 2005-01-04 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
    2008-09-04 10:43 . 2008-09-04 10:43 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-04 10:34 . 2008-09-04 10:34 <REP> d-------- C:\Program Files\AVG
    2008-09-04 10:34 . 2008-09-05 15:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-03 13:51 . 2008-09-03 13:51 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
    2008-08-25 09:43 . 2008-06-23 18:28 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-25 09:43 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-08-25 09:43 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-08-25 09:43 . 2008-06-23 18:28 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-08-25 09:43 . 2008-06-23 18:28 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-25 09:43 . 2008-06-23 18:28 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-08-25 09:43 . 2008-06-23 18:28 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-08-25 09:43 . 2008-06-23 18:28 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-08-25 09:43 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-08-23 13:19 . 2008-08-23 13:57 <REP> d-------- C:\Program Files\Sketchup
    2008-08-10 15:21 . 2008-09-06 11:21 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-08-10 15:21 . 2008-08-10 15:22 <REP> d-------- C:\Documents and Settings\Lolo\Application Data\Thunderbird
    2008-08-10 15:19 . 2008-08-10 23:44 <REP> d-------- C:\Program Files\Thunderbird

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-04 15:13 --------- d-----w C:\Program Files\Ad-aware 6
    2008-09-04 09:36 --------- d-----w C:\Program Files\Alcohol 120%
    2008-09-04 08:30 --------- d-----w C:\Program Files\AVG Anti-spy
    2008-09-03 13:56 --------- d-----w C:\Program Files\Zoom Player
    2008-08-27 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
    2008-08-23 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-03 14:44 --------- d-----w C:\Program Files\eMule
    2008-07-29 18:05 --------- d-----w C:\Program Files\FastStone Image Viewer
    2008-07-29 17:15 --------- d-----w C:\Documents and Settings\Lolo\Application Data\foobar2000
    2008-07-29 14:10 --------- d-----w C:\Program Files\Malwarebytes
    2008-07-29 14:10 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Malwarebytes
    2008-07-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-29 10:41 --------- d-----w C:\Program Files\Citrix
    2008-07-29 10:33 --------- d-----w C:\Program Files\BSplayer
    2008-07-23 18:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-21 07:24 --------- d-----w C:\Documents and Settings\Lolo\Application Data\Skype
    2008-07-18 11:30 --------- d-----w C:\Documents and Settings\Lolo\Application Data\ICAClient
    2008-07-10 19:27 --------- d-----w C:\Program Files\Antivir
    2008-07-10 14:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-07-10 14:29 --------- d-----w C:\Program Files\Yahoo!
    2008-07-10 07:31 --------- d-----w C:\Program Files\pdf995
    2008-07-09 18:18 --------- d-----w C:\Program Files\Avira
    2008-07-09 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2007-09-11 19:30 61,480 ----a-w C:\Documents and Settings\Lolo\GoToAssistDownloadHelper.exe
    2006-05-27 09:54 124 ----a-w C:\Program Files\Panneau de configuration.lnk
    2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
    2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
    2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
    2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
    2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
    2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
    2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
    2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
    2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
    2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
    2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
    2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 65536]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 618496]
    "ATIPTA"="C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
    "ATIModeChange"="Ati2mdxx.exe" [2004-04-01 C:\WINDOWS\system32\Ati2mdxx.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.I263"= I263_32.drv
    "vidc.ptev"= ptevideo.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bitmeter2.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bitmeter2.lnk
    backup=C:\WINDOWS\pss\Bitmeter2.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BT Broadband Desktop Help.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BT Broadband Desktop Help.lnk
    backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Lolo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Lolo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
    --a------ 2006-04-14 11:56 569413 C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    --a------ 2006-04-14 11:51 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 01:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-11-14 06:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YPCService"=3 (0x3)
    "S24EventMonitor"=2 (0x2)
    "matlabserver"=3 (0x3)
    "EPGService"=2 (0x2)
    "CachemanXPService"=2 (0x2)
    "AVG Anti-Spyware Guard"=2 (0x2)
    "SPTISRV"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccProxy"=2 (0x2)
    "SNDSrvc"=2 (0x2)
    "DJSNETCN"=2 (0x2)
    "ccISPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "Symantec Core LC"=2 (0x2)
    "SAVScan"=3 (0x3)
    "NSCService"=3 (0x3)
    "NPFMntor"=2 (0x2)
    "navapsvc"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "gusvc"=3 (0x3)
    "avg8wd"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
    "D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
    "C:\\Program Files\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
    "C:\\Program Files\\Xming\\Xming.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule tcp
    "4672:UDP"= 4672:UDP:emule udp

    R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-18 65664]
    R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2003-01-09 21264]
    R3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2004-07-10 24576]
    S2 CoLinuxDriver;CoLinuxDriver;D:\coLinux\linux.sys [ ]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
    S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
    S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
    S4 CachemanXPService;CachemanXP;C:\PROGRA~1\Cacheman\CachemanXP.exe [2008-04-30 243200]
    S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 361984]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df5-8ca4-11dc-ad32-000e359f3faf}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff547df6-8ca4-11dc-ad32-000e359f3faf}]
    \Shell\1\Command - RUNAUT~1\autorun.pif
    \Shell\2\Command - RUNAUT~1\autorun.pif
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 13:07:08
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 13:09:54
    ComboFix-quarantined-files.txt 2008-09-06 11:09:34
    ComboFix2.txt 2008-09-05 18:11:49

    Pre-Run: 3,505,721,856 octets libres
    Post-Run: 3,492,734,464 octets libres

    228 --- E O F --- 2008-08-27 07:44:05







    Le rapport HiJackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:19:42, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 6411 bytes
    a b 8 Sécurité
    6 Septembre 2008 13:35:43

    Re,

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

    Redémarre en mode sans échec

  • Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.
    6 Septembre 2008 14:42:11

    Merci, voici le rapport SDFix et HiJackThis :

    SDFix: Version 1.221
    Run by Lolo on 06/09/2008 at 14:24

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\tdssserf.dll - Deleted

    Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer

    Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
    Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$



    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 14:36:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:9f0641ed
    "s2"=dword:e2970dbf
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DaemonTool\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:be,89,b6,ed,8c,3d,98,0d,9d,37,da,b5,51,df,26,e0,12,9d,54,35,d5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,4a,27,55,46,d3,d4,9a,03,5e,0a,36,a9,3a,f7,a7,20,6c,..
    "khjeh"=hex:e3,3b,67,9e,51,7a,13,76,ac,c6,b9,c8,68,1a,b5,b6,2a,2f,0a,1a,dc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:D e,e8,fe,6b,a4,e0,4b,bc,27,f3,78,57,ab,c9,15,5b,98,cd,95,f8,eb,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DaemonTool\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:be,89,b6,ed,8c,3d,98,0d,9d,37,da,b5,51,df,26,e0,12,9d,54,35,d5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,4a,27,55,46,d3,d4,9a,03,5e,0a,36,a9,3a,f7,a7,20,6c,..
    "khjeh"=hex:e3,3b,67,9e,51,7a,13,76,ac,c6,b9,c8,68,1a,b5,b6,2a,2f,0a,1a,dc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:D e,e8,fe,6b,a4,e0,4b,bc,27,f3,78,57,ab,c9,15,5b,98,cd,95,f8,eb,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"="C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe:*:Enabled:LiveUpdt"
    "D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe"="D:\\cygwin\\cygwin\\usr\\X11R6\\bin\\XWin.exe:*:Enabled:XWin"
    "C:\\Program Files\\VLC\\vlc.exe"="C:\\Program Files\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
    "C:\\Program Files\\Xming\\Xming.exe"="C:\\Program Files\\Xming\\Xming.exe:*:Enabled:Xming X Server"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :

    C:\WINDOWS\Temp\bca4e2da.$$$ Found
    C:\WINDOWS\Temp\fa56d7ec.$$$ Found

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Sat 24 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa\setup.exe"
    Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
    Sat 11 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 23 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Tue 26 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT1.tmp"
    Tue 3 Jan 2006 21,504 A..H. --- "C:\Documents and Settings\Lolo\Application Data\Connectix\Virtual PC\VPCKeyboard.dll"

    Finished!






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:42:05, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 6411 bytes
    7 Septembre 2008 10:49:31

    Beaucoup plus tard(desole), voici le rapport MBR :
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    MBR rootkit code detected !
    malicious code @ sector 0x6fc79ab size 0x1fd !
    copy of MBR has been found in sector 62 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    Je lance "mbr.exe -f" ?

    Bon dimanche.
    7 Septembre 2008 12:16:37

    Télécharges CCleaner, Spybot, Avg et Malwarebyte's.

    En mode sans échec, faits les 4 Anti-virus, et tu verras que problème sera résolu.


    j'avais le même problème que toi, et quand j'ai fait ça, j'avais plus rien^^
    a b 8 Sécurité
    7 Septembre 2008 16:37:06

    Citation :
    Je lance "mbr.exe -f" ?

    Oui ;) 
    7 Septembre 2008 18:59:35

    Et voici le nouveau rapport mbr et le rapport HiJackThis :

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:55:28, on 07/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3.jet.efda.org/htbin/setup_proxies.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 6411 bytes
    a b 8 Sécurité
    7 Septembre 2008 19:21:23

    Relance un scan avec MBR pour voir.
    7 Septembre 2008 19:27:09

    Meme rapport:
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    a b 8 Sécurité
    7 Septembre 2008 19:29:55

    Ton pc se comporte mieux ?
    7 Septembre 2008 19:32:47

    Beaucoup mieux merci !
    a b 8 Sécurité
    7 Septembre 2008 19:34:38

    Tu as des questions ? :) 
    7 Septembre 2008 19:41:52

    Non, c'est bon merci, tu peux fermer le topic !
    a b 8 Sécurité
    7 Septembre 2008 19:59:13

    On ne ferme pas les topics ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS