Stubborn virus comes back [Solved]

Latest reply: in Security and viruses
16 March 2008 12:51:37

Hello everyone,

A few minutes ago I finished removing a virus that prevents me from opening Win32 applications [at least I think so].

I used smitfraudix, msn.fix and clean.zip; since combo.fix was not working, I am posting a HijackThis report so that you can confirm my PC is clean.

Thanks in advance

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:08, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\zipper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.crystaliz-community.net/;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6430 bytes

16 March 2008 13:48:33

Well, I was wrong: the virus went away but is already back. I can no longer launch *.exe applications, so once again I can't use combo.fix.
16 March 2008 14:20:13

Re,

Impossible to launch it. I used a version of combofix that worked; do you want the report?
16 March 2008 14:26:33

Yep. But is there an error or not?
16 March 2008 14:36:55

Here is what it shows me when I launch it.

It also shows me this:

16 March 2008 17:06:40

The report?
16 March 2008 18:02:23

Re,

Here is the report:

ComboFix 08-03-14.4 - Propriétaire 2008-03-16 14:11:07.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.171 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-16 13:21 . 2008-03-16 13:39 <REP> d-------- C:\Program Files\Mu~Intensity
2008-03-16 10:22 . 2008-03-16 10:22 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-15 21:24 . 2008-03-16 11:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 21:24 . 2008-03-15 21:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 20:17 . 2008-03-15 20:58 <REP> d-------- C:\Program Files\Singles2
2008-03-15 16:45 . 2008-03-16 13:59 1,258 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-15 16:45 . 2008-03-15 16:45 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-03-15 16:44 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-15 16:44 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-15 16:44 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-15 16:44 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-15 16:44 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-15 16:44 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-15 16:44 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-15 16:02 . 2008-03-15 16:02 <REP> d-------- C:\Program Files\Bethesda Softworks
2008-03-15 14:36 . 2008-03-15 14:36 9,916,387 --a------ C:\upload_moi_SN513506590239.tar.gz
2008-03-15 13:58 . 2008-03-15 13:58 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-15 13:58 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-15 13:55 . 2008-03-15 13:55 <REP> d-------- C:\Program Files\Fraps
2008-03-10 18:55 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239.000\Voisinage réseau
2008-03-10 18:55 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239.000\Voisinage d'impression
2008-03-10 18:55 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239.000\Modèles
2008-03-10 18:55 . 2004-08-16 18:19 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Mes documents
2008-03-10 18:55 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Menu Démarrer
2008-03-10 18:55 . 2008-01-29 09:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Favoris
2008-03-10 18:55 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Bureau
2008-03-10 18:55 . 2008-01-29 09:55 <REP> d-------- C:\Documents and Settings\Administrateur.SN513506590239.000\Application Data\You've Got Pictures Screensaver
2008-03-09 14:14 . 2008-03-09 14:44 50 --a------ C:\plug_in.ini
2008-03-08 11:05 . 2008-03-08 11:05 <REP> d-------- C:\Program Files\macourteau
2008-03-08 10:59 . 2008-03-08 11:04 <REP> d-------- C:\Program Files\VirtualDJ
2008-03-08 09:48 . 2008-03-08 09:48 <REP> d-------- C:\Downloads
2008-03-08 09:48 . 2008-03-08 09:48 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2008-03-06 17:20 . 2008-03-06 17:20 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-03-06 17:15 . 2008-03-06 17:15 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\SystemRequirementsLab
2008-03-06 10:33 . 2008-03-06 10:34 <REP> d-------- C:\WINDOWS\Packs
2008-03-06 09:40 . 2008-03-06 09:44 2,757 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-05 22:35 . 2005-11-01 10:35 28,672 -ra------ C:\WINDOWS\system32\VModes.exe
2008-03-05 22:34 . 2008-03-05 22:35 <REP> d-------- C:\Program Files\S3
2008-03-05 22:32 . 2005-05-10 19:49 221,184 --a------ C:\WINDOWS\system32\slmdmsp.dll
2008-03-05 22:32 . 2005-05-10 19:50 192,512 --a------ C:\WINDOWS\system32\slmdmgx.dll
2008-03-05 22:32 . 2005-05-10 19:54 77,824 --a------ C:\WINDOWS\system32\slmdmco.dll
2008-03-05 22:32 . 2005-05-10 19:53 61,440 --a------ C:\WINDOWS\system32\slmdmsr.exe
2008-03-05 21:40 . 2008-03-05 21:40 <REP> d-------- C:\Program Files\ma-config.com
2008-03-05 21:40 . 2008-03-15 13:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
2008-03-05 17:18 . 2008-03-06 14:06 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Sierra
2008-03-05 17:17 . 2008-03-05 17:17 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 14:38 . 2008-03-05 14:39 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-03-05 14:25 . 2008-03-05 14:25 <REP> d-------- C:\Program Files\Sierra
2008-03-04 14:44 . 2008-03-04 14:44 <REP> d-------- C:\Program Files\VirginMega
2008-03-04 14:44 . 2008-03-04 14:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-04 14:41 . 2008-03-04 14:41 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-04 14:38 . 2008-03-04 14:39 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-04 13:46 . 2008-03-04 13:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-03-04 13:45 . 2008-03-04 13:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-03-04 13:36 . 2008-03-04 18:04 <REP> d-------- C:\Program Files\Free Easy Burner
2008-03-04 13:13 . 2008-03-04 13:13 <REP> d-------- C:\WINDOWS\system\iosubsys
2008-03-04 13:13 . 2008-03-04 13:13 <REP> d-------- C:\Program Files\Winamp
2008-03-04 11:58 . 2008-03-04 12:01 <REP> d-------- C:\Program Files\eMule
2008-03-04 09:37 . 2008-03-06 10:36 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-04 09:37 . 2008-03-06 09:44 39,538 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-04 09:33 . 2008-03-06 09:54 <REP> d-------- C:\WINDOWS\BricoPacks
2008-03-03 21:39 . 2008-03-03 21:40 <REP> d-------- C:\Program Files\LimeWire
2008-03-03 15:33 . 2008-03-03 21:59 <REP> d-------- C:\Program Files\LucasArts
2008-03-02 20:12 . 2008-03-02 20:12 <REP> d-------- C:\Program Files\uTorrent
2008-03-02 20:12 . 2008-03-16 10:25 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-02-29 21:14 . 2008-02-29 21:14 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 21:11 . 2008-02-29 21:11 <REP> d-------- C:\Deckard
2008-02-29 21:07 . 2008-02-29 21:07 250 --a------ C:\WINDOWS\gmer.ini
2008-02-28 22:17 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-02-28 22:17 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-02-28 22:17 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-26 14:35 . 2008-03-03 10:44 <REP> d-------- C:\Program Files\TubeMaster
2008-02-25 00:03 . 2008-02-25 00:03 <REP> d-------- C:\Program Files\Realtek AC97
2008-02-25 00:02 . 2008-02-25 00:02 <REP> d-------- C:\Program Files\AMD
2008-02-25 00:02 . 2008-02-25 00:02 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
2008-02-22 21:39 . 2008-03-07 16:56 <REP> d-------- C:\Program Files\Ro-Spirit client V2.5
2008-02-22 20:43 . 2008-02-22 20:43 <REP> d-------- C:\Program Files\Download Express
2008-02-22 20:43 . 2008-02-22 20:43 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MetaProducts
2008-02-22 20:30 . 2008-03-16 13:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 20:01 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-02-22 20:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-02-22 19:56 . 2008-02-22 19:56 <REP> d-------- C:\Program Files\Steinberg
2008-02-22 19:56 . 2008-02-22 20:00 <REP> d-------- C:\Program Files\Image-Line
2008-02-21 18:52 . 2008-02-21 19:38 <REP> d-------- C:\Program Files\Notepad ++
2008-02-21 07:39 . 2008-02-21 07:39 <REP> d-------- C:\Program Files\Avira
2008-02-21 07:39 . 2008-02-21 07:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-20 20:13 . 2008-02-20 20:14 <REP> d-------- C:\WINDOWS\vf_hip
2008-02-20 20:13 . 2008-02-20 20:13 <REP> d-------- C:\Program Files\Hide IP Platinum
2008-02-20 14:21 . 2008-02-20 14:25 50,691,432 --a------ C:\CAPTURE.AVI
2008-02-20 14:20 . 2008-02-20 14:24 <REP> d-------- C:\Program Files\VideoCap
2008-02-20 13:57 . 2008-02-20 13:57 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\River Past G5
2008-02-20 13:57 . 2008-02-20 14:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-19 20:32 . 2008-02-19 20:32 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
2008-02-19 20:31 . 2008-03-15 13:58 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-19 20:31 . 2008-02-19 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-19 20:30 . 2008-02-19 20:30 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-18 20:44 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-18 20:44 . 2004-02-05 21:53 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-02-18 20:44 . 2004-01-08 02:43 253,952 --a------ C:\WINDOWS\system32\histogram.ocx
2008-02-18 20:44 . 2004-01-09 11:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 11:49 --------- d-----w C:\Program Files\Java
2008-03-16 10:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 20:07 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\LimeWire
2008-03-04 08:37 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-02 16:03 --------- d-----w C:\Program Files\Alice
2008-02-03 15:06 --------- d-----w C:\Program Files\Wirelwss LAN Utility
2008-02-03 13:50 --------- d-----w C:\Program Files\My Drivers
2008-02-03 12:18 --------- d-----w C:\Program Files\Realtek
2008-02-03 12:18 --------- d-----w C:\Program Files\DIFX
2008-02-03 09:37 --------- d-----w C:\Program Files\Aruba Networks
2008-02-02 17:03 --------- d-----w C:\Program Files\7-Zip
2008-02-02 15:51 --------- d-----w C:\Program Files\Lavalys
2008-02-02 15:31 --------- d-----w C:\Program Files\VIAudioi
2008-02-02 14:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-02 13:19 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-02 13:19 --------- d-----w C:\Program Files\Windows Live
2008-02-02 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 13:04 --------- d-----w C:\Program Files\VIA
2008-02-02 13:03 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-02 12:58 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-02-02 12:57 --------- d-----w C:\Program Files\iTunes
2008-02-02 12:57 --------- d-----w C:\Program Files\iPod
2008-02-02 12:56 --------- d-----w C:\Program Files\Bonjour
2008-02-02 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-02 12:55 --------- d-----w C:\Program Files\QuickTime
2008-02-02 12:53 --------- d-----w C:\Program Files\Apple Software Update
2008-02-02 12:52 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-02-02 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-02 12:45 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-29 09:03 --------- d-----w C:\Program Files\Sonic
2008-01-29 09:03 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-29 08:57 --------- d-----w C:\Program Files\CyberLink
2008-01-29 08:55 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-29 08:55 --------- d-----w C:\Program Files\Real
2008-01-29 08:55 --------- d-----w C:\Program Files\Learn2.com
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-01-29 08:55 --------- d-----w C:\Program Files\AOL 9.0
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-29 08:48 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-29 08:40 --------- d-----w C:\Program Files\Synaptics
2008-01-24 15:36 4,127,488 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.
----a-w 291,928 2007-01-07 06:14:24 C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w 291,928 2007-01-07 07:14:24 C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe



((((((((((((((((((((((((((((( snapshot_2008-03-15_17.06.27,76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 09:23:24 12,288 ----a-w C:\WINDOWS\assembly\GAC\cli_basetypes\1.0.8.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2008-03-16 09:23:21 32,256 ----a-w C:\WINDOWS\assembly\GAC\cli_cppuhelper\1.0.11.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-03-16 09:23:23 831,488 ----a-w C:\WINDOWS\assembly\GAC\cli_types\1.1.11.0__ce2cb7e279207b9e\cli_types.dll
+ 2008-03-16 09:23:24 8,192 ----a-w C:\WINDOWS\assembly\GAC\cli_ure\1.0.11.0__ce2cb7e279207b9e\cli_ure.dll
- 2008-03-15 15:12:30 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-16 09:28:20 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-03-15 15:12:30 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-16 09:28:21 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-03-15 15:12:32 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-16 09:28:22 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-03-15 15:12:33 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-16 09:28:22 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-15 15:12:35 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-16 09:28:23 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-03-15 15:12:36 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-16 09:28:24 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-03-15 15:12:38 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-16 09:28:25 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-03-15 15:12:40 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-16 09:28:26 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-03-15 15:12:28 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-03-16 09:28:18 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-03-16 09:23:24 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.0.cli_basetypes\8.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2008-03-16 09:23:23 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.0.cli_cppuhelper\11.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-03-16 09:23:24 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.0.cli_ure\11.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2008-03-16 09:23:24 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.1.1.cli_types\11.0.0.0__ce2cb7e279207b9e\policy.1.1.cli_types.dll
+ 2008-03-16 09:24:33 2,359,296 ----a-r C:\WINDOWS\Installer\{B087B0C3-F595-485A-B86B-73326BA8693A}\soffice.exe
+ 2005-02-05 18:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-03 17:53:57 48,640 ----a-w C:\WINDOWS\system32\drivers\sfdrv01.sys
+ 2005-02-23 15:59:54 6,656 ----a-w C:\WINDOWS\system32\drivers\sfhlp02.sys
+ 2004-12-03 10:20:41 20,544 ----a-w C:\WINDOWS\system32\drivers\sfsync02.sys
- 2008-03-09 09:33:31 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-16 10:47:52 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-13 23:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-12-13 23:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-12-14 00:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2006-03-20 16:26 516096 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-21 07:42 249896 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
--a------ 2007-11-03 20:34 1548288 C:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a------ 2003-09-04 03:39 106496 C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
--a------ 2003-06-13 15:58 282624 C:\PROGRA~1\Lexmark 3100 Series\LXBRKsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 03:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBoosterPro]
C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-16 21:19 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\UIUCU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-14 18:54 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2007-04-25 15:41 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\tribalman78\\counter-strike\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
R3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
R3 XG350XP;NB 802.11g XG350 Driver;C:\WINDOWS\system32\DRIVERS\WlanCTG.sys [2004-12-10 11:16]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 13:58]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c06e252-dcaf-11dc-9504-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 16:10:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 13:05:23 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 14:13:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
Temps d'accomplissement: 2008-03-16 14:14:56
ComboFix-quarantined-files.txt 2008-03-16 13:14:39
ComboFix2.txt 2008-03-15 14:44:11
ComboFix3.txt 2008-03-15 13:35:27
ComboFix4.txt 2008-03-10 17:14:23
ComboFix5.txt 2008-03-07 14:47:30
.
2008-03-11 20:36:00 --- E O F ---
16 March 2008 19:50:51

Nothing too nasty.

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

Renv::
C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.
16 March 2008 21:03:53

Re,

Here is the combo.fix report

ComboFix 08-03-14.4 - Propriétaire 2008-03-16 20:52:09.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.211 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\PropriÚtaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-16 15:19 . 2008-03-16 15:19 <REP> d-------- C:\Program Files\TweakDUN
2008-03-16 13:21 . 2008-03-16 13:39 <REP> d-------- C:\Program Files\Mu~Intensity
2008-03-16 10:22 . 2008-03-16 10:22 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-15 21:24 . 2008-03-16 11:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 21:24 . 2008-03-15 21:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 20:17 . 2008-03-15 20:58 <REP> d-------- C:\Program Files\Singles2
2008-03-15 16:45 . 2008-03-16 13:59 1,258 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-15 16:45 . 2008-03-15 16:45 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-03-15 16:44 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-15 16:44 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-15 16:44 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-15 16:44 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-15 16:44 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-15 16:44 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-15 16:44 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-15 16:02 . 2008-03-15 16:02 <REP> d-------- C:\Program Files\Bethesda Softworks
2008-03-15 14:36 . 2008-03-15 14:36 9,916,387 --a------ C:\upload_moi_SN513506590239.tar.gz
2008-03-15 13:58 . 2008-03-15 13:58 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-15 13:58 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-15 13:55 . 2008-03-15 13:55 <REP> d-------- C:\Program Files\Fraps
2008-03-10 18:55 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239.000\Voisinage réseau
2008-03-10 18:55 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239.000\Voisinage d'impression
2008-03-10 18:55 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SN513506590239.000\Modèles
2008-03-10 18:55 . 2004-08-16 18:19 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Mes documents
2008-03-10 18:55 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Menu Démarrer
2008-03-10 18:55 . 2008-01-29 09:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Favoris
2008-03-10 18:55 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur.SN513506590239.000\Bureau
2008-03-10 18:55 . 2008-01-29 09:55 <REP> d-------- C:\Documents and Settings\Administrateur.SN513506590239.000\Application Data\You've Got Pictures Screensaver
2008-03-09 14:14 . 2008-03-09 14:44 50 --a------ C:\plug_in.ini
2008-03-08 11:05 . 2008-03-08 11:05 <REP> d-------- C:\Program Files\macourteau
2008-03-08 10:59 . 2008-03-08 11:04 <REP> d-------- C:\Program Files\VirtualDJ
2008-03-08 09:48 . 2008-03-08 09:48 <REP> d-------- C:\Downloads
2008-03-08 09:48 . 2008-03-08 09:48 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2008-03-06 17:20 . 2008-03-06 17:20 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-03-06 17:15 . 2008-03-06 17:15 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\SystemRequirementsLab
2008-03-06 10:33 . 2008-03-06 10:34 <REP> d-------- C:\WINDOWS\Packs
2008-03-06 09:40 . 2008-03-06 09:44 2,757 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-05 22:35 . 2005-11-01 10:35 28,672 -ra------ C:\WINDOWS\system32\VModes.exe
2008-03-05 22:34 . 2008-03-05 22:35 <REP> d-------- C:\Program Files\S3
2008-03-05 22:32 . 2005-05-10 19:49 221,184 --a------ C:\WINDOWS\system32\slmdmsp.dll
2008-03-05 22:32 . 2005-05-10 19:50 192,512 --a------ C:\WINDOWS\system32\slmdmgx.dll
2008-03-05 22:32 . 2005-05-10 19:54 77,824 --a------ C:\WINDOWS\system32\slmdmco.dll
2008-03-05 22:32 . 2005-05-10 19:53 61,440 --a------ C:\WINDOWS\system32\slmdmsr.exe
2008-03-05 21:40 . 2008-03-05 21:40 <REP> d-------- C:\Program Files\ma-config.com
2008-03-05 21:40 . 2008-03-16 15:50 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
2008-03-05 17:18 . 2008-03-06 14:06 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Sierra
2008-03-05 17:17 . 2008-03-05 17:17 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 14:38 . 2008-03-05 14:39 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-03-05 14:25 . 2008-03-05 14:25 <REP> d-------- C:\Program Files\Sierra
2008-03-04 14:44 . 2008-03-04 14:44 <REP> d-------- C:\Program Files\VirginMega
2008-03-04 14:44 . 2008-03-04 14:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-04 14:41 . 2008-03-04 14:41 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-04 14:38 . 2008-03-04 14:39 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-04 13:46 . 2008-03-04 13:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Sonic
2008-03-04 13:45 . 2008-03-04 13:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Leadertech
2008-03-04 13:36 . 2008-03-04 18:04 <REP> d-------- C:\Program Files\Free Easy Burner
2008-03-04 13:13 . 2008-03-04 13:13 <REP> d-------- C:\WINDOWS\system\iosubsys
2008-03-04 13:13 . 2008-03-04 13:13 <REP> d-------- C:\Program Files\Winamp
2008-03-04 11:58 . 2008-03-04 12:01 <REP> d-------- C:\Program Files\eMule
2008-03-04 09:37 . 2008-03-06 10:36 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-04 09:37 . 2008-03-06 09:44 39,538 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-04 09:33 . 2008-03-06 09:54 <REP> d-------- C:\WINDOWS\BricoPacks
2008-03-03 21:39 . 2008-03-03 21:40 <REP> d-------- C:\Program Files\LimeWire
2008-03-03 15:33 . 2008-03-03 21:59 <REP> d-------- C:\Program Files\LucasArts
2008-03-02 20:12 . 2008-03-02 20:12 <REP> d-------- C:\Program Files\uTorrent
2008-03-02 20:12 . 2008-03-16 16:05 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
2008-02-29 21:14 . 2008-02-29 21:14 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 21:11 . 2008-02-29 21:11 <REP> d-------- C:\Deckard
2008-02-29 21:07 . 2008-02-29 21:07 250 --a------ C:\WINDOWS\gmer.ini
2008-02-28 22:17 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-02-28 22:17 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-02-28 22:17 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-26 14:35 . 2008-03-03 10:44 <REP> d-------- C:\Program Files\TubeMaster
2008-02-25 00:03 . 2008-02-25 00:03 <REP> d-------- C:\Program Files\Realtek AC97
2008-02-25 00:02 . 2008-02-25 00:02 <REP> d-------- C:\Program Files\AMD
2008-02-25 00:02 . 2008-02-25 00:02 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
2008-02-22 21:39 . 2008-03-07 16:56 <REP> d-------- C:\Program Files\Ro-Spirit client V2.5
2008-02-22 20:43 . 2008-02-22 20:43 <REP> d-------- C:\Program Files\Download Express
2008-02-22 20:43 . 2008-02-22 20:43 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MetaProducts
2008-02-22 20:30 . 2008-03-16 13:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 20:01 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-02-22 20:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-02-22 19:56 . 2008-02-22 19:56 <REP> d-------- C:\Program Files\Steinberg
2008-02-22 19:56 . 2008-02-22 20:00 <REP> d-------- C:\Program Files\Image-Line
2008-02-21 18:52 . 2008-02-21 19:38 <REP> d-------- C:\Program Files\Notepad ++
2008-02-21 07:39 . 2008-02-21 07:39 <REP> d-------- C:\Program Files\Avira
2008-02-21 07:39 . 2008-02-21 07:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-20 20:13 . 2008-02-20 20:14 <REP> d-------- C:\WINDOWS\vf_hip
2008-02-20 20:13 . 2008-02-20 20:13 <REP> d-------- C:\Program Files\Hide IP Platinum
2008-02-20 14:21 . 2008-02-20 14:25 50,691,432 --a------ C:\CAPTURE.AVI
2008-02-20 14:20 . 2008-02-20 14:24 <REP> d-------- C:\Program Files\VideoCap
2008-02-20 13:57 . 2008-02-20 13:57 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\River Past G5
2008-02-20 13:57 . 2008-02-20 14:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-19 20:32 . 2008-02-19 20:32 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
2008-02-19 20:31 . 2008-03-15 13:58 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-19 20:31 . 2008-02-19 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-19 20:30 . 2008-02-19 20:30 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-18 20:44 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-18 20:44 . 2004-02-05 21:53 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-02-18 20:44 . 2004-01-08 02:43 253,952 --a------ C:\WINDOWS\system32\histogram.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 11:49 --------- d-----w C:\Program Files\Java
2008-03-16 10:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 20:07 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\LimeWire
2008-03-04 08:37 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-02 16:03 --------- d-----w C:\Program Files\Alice
2008-02-03 15:06 --------- d-----w C:\Program Files\Wirelwss LAN Utility
2008-02-03 13:50 --------- d-----w C:\Program Files\My Drivers
2008-02-03 12:18 --------- d-----w C:\Program Files\Realtek
2008-02-03 12:18 --------- d-----w C:\Program Files\DIFX
2008-02-03 09:37 --------- d-----w C:\Program Files\Aruba Networks
2008-02-02 17:03 --------- d-----w C:\Program Files\7-Zip
2008-02-02 15:51 --------- d-----w C:\Program Files\Lavalys
2008-02-02 15:31 --------- d-----w C:\Program Files\VIAudioi
2008-02-02 14:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-02 13:19 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-02 13:19 --------- d-----w C:\Program Files\Windows Live
2008-02-02 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 13:04 --------- d-----w C:\Program Files\VIA
2008-02-02 13:03 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-02 12:58 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-02-02 12:57 --------- d-----w C:\Program Files\iTunes
2008-02-02 12:57 --------- d-----w C:\Program Files\iPod
2008-02-02 12:56 --------- d-----w C:\Program Files\Bonjour
2008-02-02 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-02 12:55 --------- d-----w C:\Program Files\QuickTime
2008-02-02 12:53 --------- d-----w C:\Program Files\Apple Software Update
2008-02-02 12:52 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-02-02 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-02 12:45 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-29 09:03 --------- d-----w C:\Program Files\Sonic
2008-01-29 09:03 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-01-29 08:58 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-29 08:57 --------- d-----w C:\Program Files\CyberLink
2008-01-29 08:55 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-01-29 08:55 --------- d-----w C:\Program Files\Real
2008-01-29 08:55 --------- d-----w C:\Program Files\Learn2.com
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-01-29 08:55 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-01-29 08:55 --------- d-----w C:\Program Files\AOL 9.0
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-29 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-29 08:48 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-29 08:40 --------- d-----w C:\Program Files\Synaptics
2008-01-24 15:36 4,127,488 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
.
----a-w 291,928 2007-01-07 06:14:24 C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w 291,928 2007-01-07 07:14:24 C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TweakDUN"="C:\Program Files\TweakDUN\tweakdun.exe" [2001-09-19 23:29 720896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2006-03-20 16:26 516096 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-02-21 07:42 249896 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
--a------ 2007-11-03 20:34 1548288 C:\Program Files\Hide IP Platinum\hideippla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a------ 2003-09-04 03:39 106496 C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
--a------ 2003-06-13 15:58 282624 C:\PROGRA~1\Lexmark 3100 Series\LXBRKsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-10-08 03:14 81920 c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBoosterPro]
C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-16 21:19 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\UIUCU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-14 18:54 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2007-04-25 15:41 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"clr_optimization_v2.0.50727_32"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\tribalman78\\counter-strike\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
R3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
R3 XG350XP;NB 802.11g XG350 Driver;C:\WINDOWS\system32\DRIVERS\WlanCTG.sys [2004-12-10 11:16]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 13:58]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c06e252-dcaf-11dc-9504-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 16:10:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 19:00:10 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-29 09:10:40 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 20:55:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
Temps d'accomplissement: 2008-03-16 20:56:23
ComboFix-quarantined-files.txt 2008-03-16 19:56:06
ComboFix2.txt 2008-03-16 13:14:57
ComboFix3.txt 2008-03-15 14:44:11
ComboFix4.txt 2008-03-15 13:35:27
ComboFix5.txt 2008-03-10 17:14:23
.
2008-03-11 20:36:00 --- E O F ---

And here is the hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:41, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.crystaliz-community.net/;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TweakDUN] C:\Program Files\TweakDUN\tweakdun.exe splash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6159 bytes

16 March 2008 21:22:53

Delete these files:
C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
C:\Documents and Settings\Propriétaire\Mes documents\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
17 March 2008 11:35:19

Hi again,

I deleted the two files.
17 March 2008 13:21:38

Post a new HijackThis report.
17 March 2008 18:06:13

Hi again,

Here is the report (problem still present =) )


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:46, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.crystaliz-community.net/;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TweakDUN] C:\Program Files\TweakDUN\tweakdun.exe splash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6192 bytes
17 March 2008 19:27:15

Apparently OK.
17 March 2008 19:52:00

Hi again,

And yet I still have these *.exe problems; well, it isn't a nuisance (for now).
17 March 2008 19:53:47

But is it with all the .exe files?
18 March 2008 07:17:35

Hi again,

No, not all of them: some launch and others don't. The Win32 problem was displayed to me once. When I run AVG it finds only cookies, and when I run AntiVir it finds nothing :S.
18 March 2008 12:08:39

Is the Win32 one coming back?

18 March 2008 18:46:32

Hi again,

It said there was a Win32 error, but it did that only once; now it gives me the old errors.
18 March 2008 19:36:05

I can't figure it out /:
18 March 2008 19:47:20

Hi again,

I just ran ComboFix and, miracle, the *.exe files work. Strange, it's true, but well, computing is very strange and full of mystery ^^

Thanks for your help.
18 March 2008 20:12:50

OK :D