Your question

smitfraud core cache infection

Tags:
  • Cache
  • Security
Last reply: in Security and viruses
29 January 2008 19:31:23

hello,

spybot found smitfraud core.cache.dsk and it is impossible to delete it;
since then, IE windows keep popping up.
how can I get rid of it?
thanks in advance for your help.

29 January 2008 19:36:03

Hello,

Which location?

Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
29 January 2008 19:51:01

hello angeldark,

thanks for your very quick reply, it is located in C:\WINDOWS\system32\drivers

I am posting the hijackthis report for you

Logfile of HijackThis v1.99.1
Scan saved at 19:48:25, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

29 January 2008 19:55:10

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

29 January 2008 20:13:21

scan finished, and here it is

    ComboFix 08-01-29.3 - laurent 2008-01-29 20:03:24.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1436 [GMT 1:00]
    Endroit: C:\Documents and Settings\laurent\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-29 19:45 . 2008-01-29 19:45 <REP> d-------- C:\Program Files\Freeplayer
    2008-01-29 19:11 . 2008-01-29 19:48 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2008-01-29 19:11 . 2008-01-29 19:47 <REP> d-------- C:\Documents and Settings\laurent\Application Data\vlc
    2008-01-28 23:35 . 2008-01-29 00:15 265 --a------ C:\WINDOWS\wininit.ini
    2008-01-28 23:00 . 2008-01-28 23:00 86,144 --a------ C:\WINDOWS\system32\drivers\mrxsmbb.sys
    2008-01-28 23:00 . 2008-01-29 20:08 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-27 22:23 . 2008-01-27 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
    2008-01-27 01:49 . 2008-01-27 01:49 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-01-27 01:48 . 2008-01-27 01:48 <REP> d--h----- C:\Documents and Settings\laurent\InstallAnywhere
    2008-01-25 20:01 . 2008-01-25 20:02 14,565,344 --a------ C:\France 2 - 05-01-2008 21h09 2h.ts
    2008-01-25 19:48 . 2008-01-25 19:48 <REP> d-------- C:\Program Files\IZArc
    2008-01-24 18:39 . 2008-01-24 18:39 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SEGA
    2008-01-23 18:09 . 2008-01-23 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-01-23 18:04 . 2007-03-14 01:57 144,896 -ra------ C:\WINDOWS\system32\libsyslic1.original.dll
    2008-01-23 11:58 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2008-01-23 11:58 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2008-01-23 11:58 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2008-01-23 11:58 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2008-01-23 11:58 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2008-01-23 11:58 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2008-01-23 11:58 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2008-01-23 11:58 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2008-01-23 11:58 . 2008-01-23 11:58 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2008-01-23 11:58 . 2008-01-23 11:58 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2008-01-23 11:57 . 2008-01-25 18:27 11 --a------ C:\trace.ini
    2008-01-23 00:30 . 2008-01-23 00:30 <REP> d-------- C:\Program Files\Red Kawa
    2008-01-22 23:35 . 2008-01-22 23:51 <REP> d-------- C:\Program Files\Videora
    2008-01-22 23:29 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
    2008-01-22 23:29 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
    2008-01-22 23:29 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\iTunes
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\iPod
    2008-01-22 22:56 . 2008-01-29 19:36 <REP> d-------- C:\Program Files\Bonjour
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Apple Computer
    2008-01-22 22:56 . 2008-01-29 20:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-22 22:56 . 2008-01-22 22:56 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-22 22:55 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\QuickTime
    2008-01-22 22:55 . 2008-01-22 22:55 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-22 22:55 . 2008-01-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-22 22:55 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-01-22 22:54 . 2008-01-22 22:54 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-22 22:54 . 2008-01-22 22:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-21 00:04 . 2008-01-21 00:04 <REP> d-------- C:\Program Files\Diskeeper Corporation
    2008-01-21 00:04 . 2008-01-21 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    2008-01-20 23:58 . 2008-01-20 23:58 <REP> d-------- C:\Diskeeper Pro Premier2007 (11.0.701.0)
    2008-01-20 22:11 . 2008-01-20 22:11 <REP> d-------- C:\Program Files\Windows Live
    2008-01-20 22:11 . 2008-01-20 22:11 268 --ah----- C:\sqmdata01.sqm
    2008-01-20 22:11 . 2008-01-20 22:11 244 --ah----- C:\sqmnoopt01.sqm
    2008-01-20 17:47 . 2008-01-28 23:07 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-20 17:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-20 15:38 . 2008-01-20 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-20 12:16 . 2008-01-20 17:52 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-01-20 12:14 . 2008-01-24 18:44 <REP> d-------- C:\Documents and Settings\laurent\Tracing
    2008-01-20 12:13 . 2008-01-20 12:13 268 --ah----- C:\sqmdata00.sqm
    2008-01-20 12:13 . 2008-01-20 12:13 244 --ah----- C:\sqmnoopt00.sqm
    2008-01-20 12:11 . 2008-01-23 18:06 878,080 --a------ C:\WINDOWS\system32\iconv.dll
    2008-01-20 12:11 . 2008-01-23 18:06 721,920 --a------ C:\WINDOWS\system32\libxml2.dll
    2008-01-20 12:11 . 2008-01-23 18:06 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd
    2008-01-20 12:11 . 2008-01-23 18:06 150,016 --a------ C:\WINDOWS\system32\libxslt.dll
    2008-01-20 12:11 . 2007-03-24 12:45 57,344 -ra------ C:\WINDOWS\system32\libsyslic1.dll
    2008-01-20 12:11 . 2008-01-23 18:06 51,200 --a------ C:\WINDOWS\system32\libexslt.dll
    2008-01-20 12:11 . 2008-01-23 16:25 192 --a------ C:\WINDOWS\system32\libsyslic1.ls
    2008-01-20 12:09 . 2008-01-23 18:09 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SYSTRAN
    2008-01-20 12:09 . 2008-01-20 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SYSTRAN
    2008-01-20 12:07 . 2008-01-20 12:07 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-20 11:43 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
    2008-01-20 11:39 . 2008-01-20 11:39 <REP> d-------- C:\Program Files\MSBuild
    2008-01-20 11:39 . 2008-01-20 11:39 <REP> d-------- C:\Program Files\Microsoft Works
    2008-01-20 11:36 . 2008-01-20 11:39 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-01-20 11:36 . 2008-01-20 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-20 11:35 . 2008-01-20 11:35 <REP> dr-h----- C:\MSOCache
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-17 21:40 . 2008-01-17 21:40 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Ahead
    2008-01-17 21:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-17 21:38 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Nero
    2008-01-17 21:38 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-17 21:35 . 2008-01-17 21:35 <REP> d-------- C:\Program Files\DAEMON Tools
    2008-01-17 21:19 . 2008-01-17 21:19 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-17 20:11 . 2008-01-17 20:11 <REP> d-------- C:\Documents and Settings\laurent\Application Data\ESET
    2008-01-17 20:11 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
    2008-01-17 20:09 . 2008-01-17 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-01-17 19:53 . 2008-01-17 19:53 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-01-17 19:35 . 2008-01-17 19:35 <REP> d-------- C:\Program Files\QuickPar
    2008-01-17 19:08 . 2008-01-28 22:33 <REP> d-------- C:\Documents and Settings\laurent\Application Data\GrabIt
    2008-01-17 18:54 . 2008-01-17 18:54 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-17 18:52 . 2008-01-17 18:59 <REP> d-------- C:\Program Files\GrabIt
    2008-01-17 18:41 . 2008-01-17 18:41 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
    2008-01-17 18:37 . 2008-01-17 18:37 <REP> d-------- C:\Documents and Settings\laurent\Application Data\TuneUp Software
    2008-01-17 18:36 . 2008-01-23 00:30 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-01-17 18:36 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
    2008-01-17 18:36 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
    2008-01-17 18:36 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
    2008-01-17 18:36 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
    2008-01-17 18:36 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-01-17 18:36 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
    2008-01-17 18:36 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
    2008-01-17 18:36 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
    2008-01-17 18:35 . 2008-01-17 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 18:48 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-01-20 09:21 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-17 16:59 --------- d-----w C:\Documents and Settings\laurent\Application Data\ma-config.com
    2008-01-17 15:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-17 15:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-17 15:12 --------- d-----w C:\Program Files\ma-config.com
    2008-01-17 14:43 --------- d-----w C:\Program Files\Sunbelt Software
    2008-01-17 14:36 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-17 14:33 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-17 14:31 --------- d-----w C:\Program Files\Services en ligne
    2008-01-17 14:30 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-07 21:39 49,444,403 ----a-w C:\WINDOWS\inf\TousLesPilotes.EXE
    2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
    2007-12-05 00:41 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
    2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-11-19 09:27 269,312 ----a-w C:\WINDOWS\inf\yk51x86.sys
    2007-11-07 14:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-26 10:20 4,124,352 ----a-r C:\WINDOWS\inf\alcxwdm.sys
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\inf\nvwddi.dll
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\inf\nvmctray.dll
    2007-10-05 13:25 8,491,008 ----a-w C:\WINDOWS\inf\nvcpl.dll
    2007-10-05 13:25 6,854,368 ----a-w C:\WINDOWS\inf\nv4_mini.sys
    2007-10-05 13:25 6,750,208 ----a-w C:\WINDOWS\inf\nvoglnt.dll
    2007-10-05 13:25 6,344,704 ----a-w C:\WINDOWS\inf\nvdisps.dll
    2007-10-05 13:25 5,755,520 ----a-w C:\WINDOWS\inf\nv4_disp.dll
    2007-10-05 13:25 5,509,120 ----a-w C:\WINDOWS\inf\nvdispsr.dll
    2007-10-05 13:25 458,752 ----a-w C:\WINDOWS\inf\nvmccssr.dll
    2007-10-05 13:25 364,544 ----a-w C:\WINDOWS\inf\nvapi.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\inf\nvcodins.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\inf\nvcod.dll
    2007-10-05 13:25 3,629,056 ----a-w C:\WINDOWS\inf\nvvitvsr.dll
    2007-10-05 13:25 3,551,232 ----a-w C:\WINDOWS\inf\nvvitvs.dll
    2007-10-05 13:25 3,334,144 ----a-w C:\WINDOWS\inf\nvgames.dll
    2007-10-05 13:25 3,166,208 ----a-w C:\WINDOWS\inf\nvgamesr.dll
    2007-10-05 13:25 286,720 ----a-w C:\WINDOWS\inf\nvnt4cpl.dll
    2007-10-05 13:25 229,376 ----a-w C:\WINDOWS\inf\nvmccs.dll
    2007-10-05 13:25 2,854,912 ----a-w C:\WINDOWS\inf\nvmoblsr.dll
    2007-10-05 13:25 2,441,216 ----a-w C:\WINDOWS\inf\nvwssr.dll
    2007-10-05 13:25 2,371,584 ----a-w C:\WINDOWS\inf\nvwss.dll
    2007-10-05 13:25 188,416 ----a-w C:\WINDOWS\inf\nvmccss.dll
    2007-10-05 13:25 155,716 ----a-w C:\WINDOWS\inf\nvsvc32.exe
    2007-10-05 13:25 1,150,976 ----a-w C:\WINDOWS\inf\nvmobls.dll
    2007-04-16 14:28 577,536 ----a-w C:\WINDOWS\inf\SoundMan.exe
    2007-02-07 17:30 209,200 ----a-w C:\WINDOWS\inf\Si3114r5.sys
    2007-01-30 22:17 28,768 ----a-w C:\WINDOWS\inf\tifsfilt.sys
    2006-12-08 14:20 10,528,768 ----a-w C:\WINDOWS\inf\RTLCPL.exe
    2006-10-18 20:20 5,504 ----a-w C:\WINDOWS\inf\SiRemFil.sys
    2006-10-18 01:53 147,456 ----a-w C:\WINDOWS\inf\RtlCPAPI.dll
    2006-07-31 10:27 217,088 ----a-w C:\WINDOWS\inf\alcrmv.exe
    2006-07-01 21:42 43,520 ----a-w C:\WINDOWS\inf\AmdK8.sys
    2006-04-20 14:20 19,456 ----a-w C:\WINDOWS\inf\wf2ktunr.sys
    2006-04-20 13:50 59,776 ----a-w C:\WINDOWS\inf\wf2kvcap.sys
    2005-08-29 23:49 94,000 ----a-w C:\WINDOWS\inf\ssm_mdm.sys
    2005-08-29 23:49 8,336 ----a-w C:\WINDOWS\inf\ssm_mdfl.sys
    2005-08-29 23:49 6,176 ----a-w C:\WINDOWS\inf\ssm_cmnt.sys
    2005-08-29 23:49 6,176 ----a-w C:\WINDOWS\inf\ssm_cm.sys
    2005-08-29 23:47 6,768 ----a-w C:\WINDOWS\inf\ssm_wh95.sys
    2005-08-29 23:47 58,320 ----a-w C:\WINDOWS\inf\ssm_bus.sys
    2005-08-29 23:47 5,840 ----a-w C:\WINDOWS\inf\ssm_whnt.sys
    2005-08-29 23:47 5,840 ----a-w C:\WINDOWS\inf\ssm_wh.sys
    2005-05-27 09:36 372,736 ----a-r C:\WINDOWS\inf\LVUI2RC.dll
    2005-05-27 09:32 1,317,152 ----a-r C:\WINDOWS\inf\lvcm.sys
    2005-05-27 09:31 22,016 ----a-r C:\WINDOWS\inf\LVUSBSta.sys
    2005-05-27 09:29 204,800 ----a-r C:\WINDOWS\inf\LVUI2.dll
    2005-05-27 09:26 204,800 ----a-r C:\WINDOWS\inf\lvcodec2.dll
    2005-05-27 09:23 2,180,096 ----a-r C:\WINDOWS\inf\lvsvf2.sys
    2005-05-27 09:19 106,496 ----a-r C:\WINDOWS\inf\lvcoinst.dll
    2004-11-11 03:56 33,408 ----a-r C:\WINDOWS\inf\NVENETFD.sys
    2004-11-11 03:56 274,944 ----a-r C:\WINDOWS\inf\nvnrm.sys
    2004-11-11 03:56 208,128 ----a-r C:\WINDOWS\inf\nvsnpu.sys
    2004-11-11 03:56 12,928 ----a-r C:\WINDOWS\inf\nvnetbus.sys
    2004-11-11 03:54 9,728 ----a-r C:\WINDOWS\inf\bdco1ins.dll
    2004-11-11 03:54 9,728 ----a-r C:\WINDOWS\inf\bdco1.dll
    2004-11-11 03:54 200,192 ----a-r C:\WINDOWS\inf\fdco1ins.dll
    2004-11-11 03:54 200,192 ----a-r C:\WINDOWS\inf\fdco1.dll
    2004-11-01 17:21 10,368 ----a-w C:\WINDOWS\inf\SiWinAcc.sys
    2004-10-29 22:26 32,256 ----a-r C:\WINDOWS\inf\nvconrm.dll
    2004-10-04 11:34 10,005 ----a-w C:\WINDOWS\inf\wf2kXbar.sys
    2004-08-13 10:56 5,810 ----a-r C:\WINDOWS\inf\ASACPI.sys
    2004-08-03 23:54 54,784 ----a-w C:\WINDOWS\inf\vfwwdm32.dll
    2004-02-14 11:01 159,744 ----a-r C:\WINDOWS\inf\lvWIAext.dll
    2001-09-17 03:00 871,936 ----a-w C:\WINDOWS\inf\E_DI05ME.DLL
    2001-09-09 23:00 17,976 ----a-w C:\WINDOWS\inf\epusbsto.sys
    2001-09-03 04:00 268,758 ----a-w C:\WINDOWS\inf\E_DU15CE.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 14:25 8491008]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "NWEReboot"="" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 14:25 81920]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2008-01-24 18:47 3739672 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-10-05 14:25 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    --a------ 2004-12-20 17:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

    R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 11:11]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
    R1 mrxsmbb;mrxsmbb;C:\WINDOWS\system32\drivers\mrxsmbb.sys [2008-01-28 23:00]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 20:08:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-29 20:10:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-29 19:10:30
    .
    2008-01-21 18:11:24 --- E O F ---

29 January 2008 20:19:36

Hi again,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

    Rootkit::
    C:\WINDOWS\system32\drivers\core.cache.dsk


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no restart, post the requested reports anyway.

29 January 2008 20:40:51

    ComboFix 08-01-29.3 - laurent 2008-01-29 20:29:51.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535 [GMT 1:00]
    Endroit: C:\Documents and Settings\laurent\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\laurent\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-29 19:45 . 2008-01-29 19:45 <REP> d-------- C:\Program Files\Freeplayer
    2008-01-29 19:11 . 2008-01-29 19:48 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2008-01-29 19:11 . 2008-01-29 19:47 <REP> d-------- C:\Documents and Settings\laurent\Application Data\vlc
    2008-01-28 23:35 . 2008-01-29 00:15 265 --a------ C:\WINDOWS\wininit.ini
    2008-01-28 23:00 . 2008-01-28 23:00 86,144 --a------ C:\WINDOWS\system32\drivers\mrxsmbb.sys
    2008-01-28 23:00 . 2008-01-29 20:34 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-27 22:23 . 2008-01-27 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
    2008-01-27 01:49 . 2008-01-27 01:49 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-01-27 01:48 . 2008-01-27 01:48 <REP> d--h----- C:\Documents and Settings\laurent\InstallAnywhere
    2008-01-25 20:01 . 2008-01-25 20:02 14,565,344 --a------ C:\France 2 - 05-01-2008 21h09 2h.ts
    2008-01-25 19:48 . 2008-01-25 19:48 <REP> d-------- C:\Program Files\IZArc
    2008-01-24 18:39 . 2008-01-24 18:39 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SEGA
    2008-01-23 18:09 . 2008-01-23 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-01-23 18:04 . 2007-03-14 01:57 144,896 -ra------ C:\WINDOWS\system32\libsyslic1.original.dll
    2008-01-23 11:58 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2008-01-23 11:58 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2008-01-23 11:58 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2008-01-23 11:58 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2008-01-23 11:58 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2008-01-23 11:58 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2008-01-23 11:58 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2008-01-23 11:58 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2008-01-23 11:58 . 2008-01-23 11:58 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2008-01-23 11:58 . 2008-01-23 11:58 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2008-01-23 11:57 . 2008-01-25 18:27 11 --a------ C:\trace.ini
    2008-01-23 00:30 . 2008-01-23 00:30 <REP> d-------- C:\Program Files\Red Kawa
    2008-01-22 23:35 . 2008-01-22 23:51 <REP> d-------- C:\Program Files\Videora
    2008-01-22 23:29 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
    2008-01-22 23:29 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
    2008-01-22 23:29 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\iTunes
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\iPod
    2008-01-22 22:56 . 2008-01-29 19:36 <REP> d-------- C:\Program Files\Bonjour
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Apple Computer
    2008-01-22 22:56 . 2008-01-29 20:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-22 22:56 . 2008-01-22 22:56 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-22 22:55 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\QuickTime
    2008-01-22 22:55 . 2008-01-22 22:55 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-22 22:55 . 2008-01-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-22 22:55 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-01-22 22:54 . 2008-01-22 22:54 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-22 22:54 . 2008-01-22 22:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-21 00:04 . 2008-01-21 00:04 <REP> d-------- C:\Program Files\Diskeeper Corporation
    2008-01-21 00:04 . 2008-01-21 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    2008-01-20 23:58 . 2008-01-20 23:58 <REP> d-------- C:\Diskeeper Pro Premier2007 (11.0.701.0)
    2008-01-20 22:11 . 2008-01-20 22:11 <REP> d-------- C:\Program Files\Windows Live
    2008-01-20 22:11 . 2008-01-20 22:11 268 --ah----- C:\sqmdata01.sqm
    2008-01-20 22:11 . 2008-01-20 22:11 244 --ah----- C:\sqmnoopt01.sqm
    2008-01-20 17:47 . 2008-01-28 23:07 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-20 17:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-20 15:38 . 2008-01-20 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-20 12:16 . 2008-01-20 17:52 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-01-20 12:14 . 2008-01-24 18:44 <REP> d-------- C:\Documents and Settings\laurent\Tracing
    2008-01-20 12:13 . 2008-01-20 12:13 268 --ah----- C:\sqmdata00.sqm
    2008-01-20 12:13 . 2008-01-20 12:13 244 --ah----- C:\sqmnoopt00.sqm
    2008-01-20 12:11 . 2008-01-23 18:06 878,080 --a------ C:\WINDOWS\system32\iconv.dll
    2008-01-20 12:11 . 2008-01-23 18:06 721,920 --a------ C:\WINDOWS\system32\libxml2.dll
    2008-01-20 12:11 . 2008-01-23 18:06 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd
    2008-01-20 12:11 . 2008-01-23 18:06 150,016 --a------ C:\WINDOWS\system32\libxslt.dll
    2008-01-20 12:11 . 2007-03-24 12:45 57,344 -ra------ C:\WINDOWS\system32\libsyslic1.dll
    2008-01-20 12:11 . 2008-01-23 18:06 51,200 --a------ C:\WINDOWS\system32\libexslt.dll
    2008-01-20 12:11 . 2008-01-23 16:25 192 --a------ C:\WINDOWS\system32\libsyslic1.ls
    2008-01-20 12:09 . 2008-01-23 18:09 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SYSTRAN
    2008-01-20 12:09 . 2008-01-20 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SYSTRAN
    2008-01-20 12:07 . 2008-01-20 12:07 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-20 11:43 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
    2008-01-20 11:39 . 2008-01-20 11:39 <REP> d-------- C:\Program Files\MSBuild
    2008-01-20 11:39 . 2008-01-20 11:39 <REP> d-------- C:\Program Files\Microsoft Works
    2008-01-20 11:36 . 2008-01-20 11:39 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-01-20 11:36 . 2008-01-20 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-20 11:35 . 2008-01-20 11:35 <REP> dr-h----- C:\MSOCache
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-17 21:40 . 2008-01-17 21:40 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Ahead
    2008-01-17 21:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-17 21:38 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Nero
    2008-01-17 21:38 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-17 21:35 . 2008-01-17 21:35 <REP> d-------- C:\Program Files\DAEMON Tools
    2008-01-17 21:19 . 2008-01-17 21:19 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-17 20:11 . 2008-01-17 20:11 <REP> d-------- C:\Documents and Settings\laurent\Application Data\ESET
    2008-01-17 20:11 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
    2008-01-17 20:09 . 2008-01-17 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-01-17 19:53 . 2008-01-17 19:53 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-01-17 19:35 . 2008-01-17 19:35 <REP> d-------- C:\Program Files\QuickPar
    2008-01-17 19:08 . 2008-01-28 22:33 <REP> d-------- C:\Documents and Settings\laurent\Application Data\GrabIt
    2008-01-17 18:54 . 2008-01-17 18:54 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-17 18:52 . 2008-01-17 18:59 <REP> d-------- C:\Program Files\GrabIt
    2008-01-17 18:41 . 2008-01-17 18:41 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
    2008-01-17 18:37 . 2008-01-17 18:37 <REP> d-------- C:\Documents and Settings\laurent\Application Data\TuneUp Software
    2008-01-17 18:36 . 2008-01-23 00:30 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-01-17 18:36 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
    2008-01-17 18:36 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
    2008-01-17 18:36 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
    2008-01-17 18:36 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
    2008-01-17 18:36 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-01-17 18:36 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
    2008-01-17 18:36 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
    2008-01-17 18:36 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
    2008-01-17 18:35 . 2008-01-17 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 18:48 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-01-20 09:21 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-17 16:59 --------- d-----w C:\Documents and Settings\laurent\Application Data\ma-config.com
    2008-01-17 15:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-17 15:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-17 15:12 --------- d-----w C:\Program Files\ma-config.com
    2008-01-17 14:43 --------- d-----w C:\Program Files\Sunbelt Software
    2008-01-17 14:36 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-17 14:33 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-17 14:31 --------- d-----w C:\Program Files\Services en ligne
    2008-01-17 14:30 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-07 21:39 49,444,403 ----a-w C:\WINDOWS\inf\TousLesPilotes.EXE
    2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
    2007-12-05 00:41 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
    2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-11-19 09:27 269,312 ----a-w C:\WINDOWS\inf\yk51x86.sys
    2007-11-07 14:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-26 10:20 4,124,352 ----a-r C:\WINDOWS\inf\alcxwdm.sys
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\inf\nvwddi.dll
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\inf\nvmctray.dll
    2007-10-05 13:25 8,491,008 ----a-w C:\WINDOWS\inf\nvcpl.dll
    2007-10-05 13:25 6,854,368 ----a-w C:\WINDOWS\inf\nv4_mini.sys
    2007-10-05 13:25 6,750,208 ----a-w C:\WINDOWS\inf\nvoglnt.dll
    2007-10-05 13:25 6,344,704 ----a-w C:\WINDOWS\inf\nvdisps.dll
    2007-10-05 13:25 5,755,520 ----a-w C:\WINDOWS\inf\nv4_disp.dll
    2007-10-05 13:25 5,509,120 ----a-w C:\WINDOWS\inf\nvdispsr.dll
    2007-10-05 13:25 458,752 ----a-w C:\WINDOWS\inf\nvmccssr.dll
    2007-10-05 13:25 364,544 ----a-w C:\WINDOWS\inf\nvapi.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\inf\nvcodins.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\inf\nvcod.dll
    2007-10-05 13:25 3,629,056 ----a-w C:\WINDOWS\inf\nvvitvsr.dll
    2007-10-05 13:25 3,551,232 ----a-w C:\WINDOWS\inf\nvvitvs.dll
    2007-10-05 13:25 3,334,144 ----a-w C:\WINDOWS\inf\nvgames.dll
    2007-10-05 13:25 3,166,208 ----a-w C:\WINDOWS\inf\nvgamesr.dll
    2007-10-05 13:25 286,720 ----a-w C:\WINDOWS\inf\nvnt4cpl.dll
    2007-10-05 13:25 229,376 ----a-w C:\WINDOWS\inf\nvmccs.dll
    2007-10-05 13:25 2,854,912 ----a-w C:\WINDOWS\inf\nvmoblsr.dll
    2007-10-05 13:25 2,441,216 ----a-w C:\WINDOWS\inf\nvwssr.dll
    2007-10-05 13:25 2,371,584 ----a-w C:\WINDOWS\inf\nvwss.dll
    2007-10-05 13:25 188,416 ----a-w C:\WINDOWS\inf\nvmccss.dll
    2007-10-05 13:25 155,716 ----a-w C:\WINDOWS\inf\nvsvc32.exe
    2007-10-05 13:25 1,150,976 ----a-w C:\WINDOWS\inf\nvmobls.dll
    2007-04-16 14:28 577,536 ----a-w C:\WINDOWS\inf\SoundMan.exe
    2007-02-07 17:30 209,200 ----a-w C:\WINDOWS\inf\Si3114r5.sys
    2007-01-30 22:17 28,768 ----a-w C:\WINDOWS\inf\tifsfilt.sys
    2006-12-08 14:20 10,528,768 ----a-w C:\WINDOWS\inf\RTLCPL.exe
    2006-10-18 20:20 5,504 ----a-w C:\WINDOWS\inf\SiRemFil.sys
    2006-10-18 01:53 147,456 ----a-w C:\WINDOWS\inf\RtlCPAPI.dll
    2006-07-31 10:27 217,088 ----a-w C:\WINDOWS\inf\alcrmv.exe
    2006-07-01 21:42 43,520 ----a-w C:\WINDOWS\inf\AmdK8.sys
    2006-04-20 14:20 19,456 ----a-w C:\WINDOWS\inf\wf2ktunr.sys
    2006-04-20 13:50 59,776 ----a-w C:\WINDOWS\inf\wf2kvcap.sys
    2005-08-29 23:49 94,000 ----a-w C:\WINDOWS\inf\ssm_mdm.sys
    2005-08-29 23:49 8,336 ----a-w C:\WINDOWS\inf\ssm_mdfl.sys
    2005-08-29 23:49 6,176 ----a-w C:\WINDOWS\inf\ssm_cmnt.sys
    2005-08-29 23:49 6,176 ----a-w C:\WINDOWS\inf\ssm_cm.sys
    2005-08-29 23:47 6,768 ----a-w C:\WINDOWS\inf\ssm_wh95.sys
    2005-08-29 23:47 58,320 ----a-w C:\WINDOWS\inf\ssm_bus.sys
    2005-08-29 23:47 5,840 ----a-w C:\WINDOWS\inf\ssm_whnt.sys
    2005-08-29 23:47 5,840 ----a-w C:\WINDOWS\inf\ssm_wh.sys
    2005-05-27 09:36 372,736 ----a-r C:\WINDOWS\inf\LVUI2RC.dll
    2005-05-27 09:32 1,317,152 ----a-r C:\WINDOWS\inf\lvcm.sys
    2005-05-27 09:31 22,016 ----a-r C:\WINDOWS\inf\LVUSBSta.sys
    2005-05-27 09:29 204,800 ----a-r C:\WINDOWS\inf\LVUI2.dll
    2005-05-27 09:26 204,800 ----a-r C:\WINDOWS\inf\lvcodec2.dll
    2005-05-27 09:23 2,180,096 ----a-r C:\WINDOWS\inf\lvsvf2.sys
    2005-05-27 09:19 106,496 ----a-r C:\WINDOWS\inf\lvcoinst.dll
    2004-11-11 03:56 33,408 ----a-r C:\WINDOWS\inf\NVENETFD.sys
    2004-11-11 03:56 274,944 ----a-r C:\WINDOWS\inf\nvnrm.sys
    2004-11-11 03:56 208,128 ----a-r C:\WINDOWS\inf\nvsnpu.sys
    2004-11-11 03:56 12,928 ----a-r C:\WINDOWS\inf\nvnetbus.sys
    2004-11-11 03:54 9,728 ----a-r C:\WINDOWS\inf\bdco1ins.dll
    2004-11-11 03:54 9,728 ----a-r C:\WINDOWS\inf\bdco1.dll
    2004-11-11 03:54 200,192 ----a-r C:\WINDOWS\inf\fdco1ins.dll
    2004-11-11 03:54 200,192 ----a-r C:\WINDOWS\inf\fdco1.dll
    2004-11-01 17:21 10,368 ----a-w C:\WINDOWS\inf\SiWinAcc.sys
    2004-10-29 22:26 32,256 ----a-r C:\WINDOWS\inf\nvconrm.dll
    2004-10-04 11:34 10,005 ----a-w C:\WINDOWS\inf\wf2kXbar.sys
    2004-08-13 10:56 5,810 ----a-r C:\WINDOWS\inf\ASACPI.sys
    2004-08-03 23:54 54,784 ----a-w C:\WINDOWS\inf\vfwwdm32.dll
    2004-02-14 11:01 159,744 ----a-r C:\WINDOWS\inf\lvWIAext.dll
    2001-09-17 03:00 871,936 ----a-w C:\WINDOWS\inf\E_DI05ME.DLL
    2001-09-09 23:00 17,976 ----a-w C:\WINDOWS\inf\epusbsto.sys
    2001-09-03 04:00 268,758 ----a-w C:\WINDOWS\inf\E_DU15CE.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 14:25 8491008]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "NWEReboot"="" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 14:25 81920]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2008-01-24 18:47 3739672 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-10-05 14:25 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    --a------ 2004-12-20 17:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

    R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 11:11]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
    R1 mrxsmbb;mrxsmbb;C:\WINDOWS\system32\drivers\mrxsmbb.sys [2008-01-28 23:00]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 20:35:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage cachés autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-29 20:36:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-29 19:36:44
    ComboFix2.txt 2008-01-29 19:10:38
    .
    2008-01-21 18:11:24 --- E O F ---




    Logfile of HijackThis v1.99.1
    Scan saved at 20:40:43, on 29/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Traduire (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



    a b 8 Security
    29 January 2008 20:50:06

    Have you tried the Nod32 scan in safe mode?
    29 January 2008 20:56:58

    No, I'll restart in safe mode, run the scan, and keep you posted....
    29 January 2008 21:13:24

    Quick question, angeldark:
    is it normal for the scan to run through the console in safe mode?
    a b 8 Security
    29 January 2008 21:23:55

    It's possible.
    29 January 2008 21:52:52

    Hi again,
    the scan in safe mode found nothing!!
    a b 8 Security
    30 January 2008 13:25:47

    So the driver is no longer present?
    30 January 2008 16:46:18

    Hello again,
    yes, it is still present. Do you think Smitfraudfix could do something? I'll try it when I get home tonight.
    If you have any other suggestions I'm all ears, because all these windows opening are rather annoying, and on top of that I'm on Mozilla.
    Thanks for your help.
    a b 8 Security
    30 January 2008 18:54:49

    Smitfraudfix has nothing to do with it.
    Run a Combofix scan again.
    30 January 2008 20:02:33

    ComboFix 08-01-29.3 - laurent 2008-01-30 19:50:39.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1563 [GMT 1:00]
    Endroit: C:\Documents and Settings\laurent\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-29 21:49 . 2008-01-30 19:55 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-29 20:59 . 2008-01-17 16:20 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-01-29 20:59 . 2008-01-17 16:20 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-29 20:59 . 2008-01-17 15:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-01-29 20:59 . 2008-01-17 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-29 20:59 . 2008-01-17 16:20 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-01-29 20:59 . 2008-01-17 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-29 20:59 . 2008-01-17 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-29 20:59 . 2008-01-29 20:59 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2008-01-29 19:45 . 2008-01-29 19:45 <REP> d-------- C:\Program Files\Freeplayer
    2008-01-29 19:11 . 2008-01-29 20:40 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2008-01-29 19:11 . 2008-01-29 19:47 <REP> d-------- C:\Documents and Settings\laurent\Application Data\vlc
    2008-01-28 23:35 . 2008-01-29 00:15 265 --a------ C:\WINDOWS\wininit.ini
    2008-01-28 23:00 . 2008-01-28 23:00 86,144 --a------ C:\WINDOWS\system32\drivers\mrxsmbb.sys
    2008-01-27 22:23 . 2008-01-27 22:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
    2008-01-27 01:49 . 2008-01-27 01:49 <REP> d--h----- C:\Program Files\Zero G Registry
    2008-01-27 01:48 . 2008-01-27 01:48 <REP> d--h----- C:\Documents and Settings\laurent\InstallAnywhere
    2008-01-25 20:01 . 2008-01-25 20:02 14,565,344 --a------ C:\France 2 - 05-01-2008 21h09 2h.ts
    2008-01-25 19:48 . 2008-01-25 19:48 <REP> d-------- C:\Program Files\IZArc
    2008-01-24 18:39 . 2008-01-24 18:39 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SEGA
    2008-01-23 18:09 . 2008-01-23 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-01-23 18:04 . 2007-03-14 01:57 144,896 -ra------ C:\WINDOWS\system32\libsyslic1.original.dll
    2008-01-23 11:58 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2008-01-23 11:58 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2008-01-23 11:58 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2008-01-23 11:58 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2008-01-23 11:58 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2008-01-23 11:58 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2008-01-23 11:58 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2008-01-23 11:58 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2008-01-23 11:58 . 2008-01-23 11:58 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2008-01-23 11:58 . 2008-01-23 11:58 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2008-01-23 11:57 . 2008-01-25 18:27 11 --a------ C:\trace.ini
    2008-01-23 00:30 . 2008-01-23 00:30 <REP> d-------- C:\Program Files\Red Kawa
    2008-01-22 23:35 . 2008-01-22 23:51 <REP> d-------- C:\Program Files\Videora
    2008-01-22 23:29 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
    2008-01-22 23:29 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
    2008-01-22 23:29 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\iTunes
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\iPod
    2008-01-22 22:56 . 2008-01-29 19:36 <REP> d-------- C:\Program Files\Bonjour
    2008-01-22 22:56 . 2008-01-22 22:56 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Apple Computer
    2008-01-22 22:56 . 2008-01-30 19:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-22 22:56 . 2008-01-22 22:56 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-22 22:55 . 2008-01-22 22:56 <REP> d-------- C:\Program Files\QuickTime
    2008-01-22 22:55 . 2008-01-22 22:55 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-22 22:55 . 2008-01-22 22:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-22 22:55 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-01-22 22:54 . 2008-01-22 22:54 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-22 22:54 . 2008-01-22 22:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-21 00:04 . 2008-01-21 00:04 <REP> d-------- C:\Program Files\Diskeeper Corporation
    2008-01-21 00:04 . 2008-01-21 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    2008-01-20 23:58 . 2008-01-20 23:58 <REP> d-------- C:\Diskeeper Pro Premier2007 (11.0.701.0)
    2008-01-20 22:11 . 2008-01-20 22:11 <REP> d-------- C:\Program Files\Windows Live
    2008-01-20 22:11 . 2008-01-20 22:11 268 --ah----- C:\sqmdata01.sqm
    2008-01-20 22:11 . 2008-01-20 22:11 244 --ah----- C:\sqmnoopt01.sqm
    2008-01-20 17:47 . 2008-01-28 23:07 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-20 17:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-20 15:38 . 2008-01-20 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-20 12:16 . 2008-01-20 17:52 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-01-20 12:14 . 2008-01-24 18:44 <REP> d-------- C:\Documents and Settings\laurent\Tracing
    2008-01-20 12:13 . 2008-01-20 12:13 268 --ah----- C:\sqmdata00.sqm
    2008-01-20 12:13 . 2008-01-20 12:13 244 --ah----- C:\sqmnoopt00.sqm
    2008-01-20 12:11 . 2008-01-23 18:06 878,080 --a------ C:\WINDOWS\system32\iconv.dll
    2008-01-20 12:11 . 2008-01-23 18:06 721,920 --a------ C:\WINDOWS\system32\libxml2.dll
    2008-01-20 12:11 . 2008-01-23 18:06 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd
    2008-01-20 12:11 . 2008-01-23 18:06 150,016 --a------ C:\WINDOWS\system32\libxslt.dll
    2008-01-20 12:11 . 2007-03-24 12:45 57,344 -ra------ C:\WINDOWS\system32\libsyslic1.dll
    2008-01-20 12:11 . 2008-01-23 18:06 51,200 --a------ C:\WINDOWS\system32\libexslt.dll
    2008-01-20 12:11 . 2008-01-23 16:25 192 --a------ C:\WINDOWS\system32\libsyslic1.ls
    2008-01-20 12:09 . 2008-01-23 18:09 <REP> d-------- C:\Documents and Settings\laurent\Application Data\SYSTRAN
    2008-01-20 12:09 . 2008-01-20 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SYSTRAN
    2008-01-20 12:07 . 2008-01-20 12:07 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-20 11:43 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
    2008-01-20 11:39 . 2008-01-20 11:39 <REP> d-------- C:\Program Files\MSBuild
    2008-01-20 11:39 . 2008-01-20 11:39 <REP> d-------- C:\Program Files\Microsoft Works
    2008-01-20 11:36 . 2008-01-20 11:39 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-01-20 11:36 . 2008-01-20 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-20 11:35 . 2008-01-20 11:35 <REP> dr-h----- C:\MSOCache
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-20 10:16 . 2008-01-20 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-17 21:40 . 2008-01-17 21:40 <REP> d-------- C:\Documents and Settings\laurent\Application Data\Ahead
    2008-01-17 21:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-17 21:38 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Nero
    2008-01-17 21:38 . 2008-01-17 21:38 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-17 21:35 . 2008-01-17 21:35 <REP> d-------- C:\Program Files\DAEMON Tools
    2008-01-17 21:19 . 2008-01-17 21:19 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-17 20:11 . 2008-01-17 20:11 <REP> d-------- C:\Documents and Settings\laurent\Application Data\ESET
    2008-01-17 20:11 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
    2008-01-17 20:09 . 2008-01-17 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-01-17 19:53 . 2008-01-17 19:53 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-01-17 19:35 . 2008-01-17 19:35 <REP> d-------- C:\Program Files\QuickPar
    2008-01-17 19:08 . 2008-01-28 22:33 <REP> d-------- C:\Documents and Settings\laurent\Application Data\GrabIt
    2008-01-17 18:54 . 2008-01-17 18:54 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-17 18:52 . 2008-01-17 18:59 <REP> d-------- C:\Program Files\GrabIt
    2008-01-17 18:41 . 2008-01-17 18:41 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
    2008-01-17 18:37 . 2008-01-17 18:37 <REP> d-------- C:\Documents and Settings\laurent\Application Data\TuneUp Software
    2008-01-17 18:36 . 2008-01-23 00:30 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-01-17 18:36 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 19:40 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-01-20 09:21 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-17 16:59 --------- d-----w C:\Documents and Settings\laurent\Application Data\ma-config.com
    2008-01-17 15:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-17 15:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-17 15:12 --------- d-----w C:\Program Files\ma-config.com
    2008-01-17 14:43 --------- d-----w C:\Program Files\Sunbelt Software
    2008-01-17 14:36 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-17 14:33 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-17 14:31 --------- d-----w C:\Program Files\Services en ligne
    2008-01-17 14:30 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-07 21:39 49,444,403 ----a-w C:\WINDOWS\inf\TousLesPilotes.EXE
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
    2007-12-05 00:41 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
    2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-11-19 09:27 269,312 ----a-w C:\WINDOWS\inf\yk51x86.sys
    2007-11-07 14:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-26 10:20 4,124,352 ----a-r C:\WINDOWS\inf\alcxwdm.sys
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\inf\nvwddi.dll
    2007-10-05 13:25 81,920 ----a-w C:\WINDOWS\inf\nvmctray.dll
    2007-10-05 13:25 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-05 13:25 8,491,008 ----a-w C:\WINDOWS\inf\nvcpl.dll
    2007-10-05 13:25 6,854,368 ----a-w C:\WINDOWS\inf\nv4_mini.sys
    2007-10-05 13:25 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-05 13:25 6,750,208 ----a-w C:\WINDOWS\inf\nvoglnt.dll
    2007-10-05 13:25 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-05 13:25 6,344,704 ----a-w C:\WINDOWS\inf\nvdisps.dll
    2007-10-05 13:25 5,755,520 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-05 13:25 5,755,520 ----a-w C:\WINDOWS\inf\nv4_disp.dll
    2007-10-05 13:25 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-10-05 13:25 5,509,120 ----a-w C:\WINDOWS\inf\nvdispsr.dll
    2007-10-05 13:25 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-10-05 13:25 458,752 ----a-w C:\WINDOWS\inf\nvmccssr.dll
    2007-10-05 13:25 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-05 13:25 364,544 ----a-w C:\WINDOWS\inf\nvapi.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\inf\nvcodins.dll
    2007-10-05 13:25 36,864 ----a-w C:\WINDOWS\inf\nvcod.dll
    2007-10-05 13:25 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-10-05 13:25 3,629,056 ----a-w C:\WINDOWS\inf\nvvitvsr.dll
    2007-10-05 13:25 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-05 13:25 3,551,232 ----a-w C:\WINDOWS\inf\nvvitvs.dll
    2007-10-05 13:25 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-05 13:25 3,334,144 ----a-w C:\WINDOWS\inf\nvgames.dll
    2007-10-05 13:25 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-10-05 13:25 3,166,208 ----a-w C:\WINDOWS\inf\nvgamesr.dll
    2007-10-05 13:25 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-05 13:25 286,720 ----a-w C:\WINDOWS\inf\nvnt4cpl.dll
    2007-10-05 13:25 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-05 13:25 229,376 ----a-w C:\WINDOWS\inf\nvmccs.dll
    2007-10-05 13:25 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-10-05 13:25 2,854,912 ----a-w C:\WINDOWS\inf\nvmoblsr.dll
    2007-10-05 13:25 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-10-05 13:25 2,441,216 ----a-w C:\WINDOWS\inf\nvwssr.dll
    2007-10-05 13:25 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-05 13:25 2,371,584 ----a-w C:\WINDOWS\inf\nvwss.dll
    2007-10-05 13:25 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-05 13:25 188,416 ----a-w C:\WINDOWS\inf\nvmccss.dll
    2007-10-05 13:25 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-05 13:25 155,716 ----a-w C:\WINDOWS\inf\nvsvc32.exe
    2007-10-05 13:25 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-05 13:25 1,150,976 ----a-w C:\WINDOWS\inf\nvmobls.dll
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-04-16 14:28 577,536 ----a-w C:\WINDOWS\inf\SoundMan.exe
    2007-02-07 17:30 209,200 ----a-w C:\WINDOWS\inf\Si3114r5.sys
    2007-01-30 22:17 28,768 ----a-w C:\WINDOWS\inf\tifsfilt.sys
    2006-12-08 14:20 10,528,768 ----a-w C:\WINDOWS\inf\RTLCPL.exe
    2006-10-18 20:20 5,504 ----a-w C:\WINDOWS\inf\SiRemFil.sys
    2006-10-18 01:53 147,456 ----a-w C:\WINDOWS\inf\RtlCPAPI.dll
    2006-07-31 10:27 217,088 ----a-w C:\WINDOWS\inf\alcrmv.exe
    2006-07-01 21:42 43,520 ----a-w C:\WINDOWS\inf\AmdK8.sys
    2006-04-20 14:20 19,456 ----a-w C:\WINDOWS\inf\wf2ktunr.sys
    2006-04-20 13:50 59,776 ----a-w C:\WINDOWS\inf\wf2kvcap.sys
    2005-08-29 23:49 94,000 ----a-w C:\WINDOWS\inf\ssm_mdm.sys
    2005-08-29 23:49 8,336 ----a-w C:\WINDOWS\inf\ssm_mdfl.sys
    2005-08-29 23:49 6,176 ----a-w C:\WINDOWS\inf\ssm_cmnt.sys
    2005-08-29 23:49 6,176 ----a-w C:\WINDOWS\inf\ssm_cm.sys
    2005-08-29 23:47 6,768 ----a-w C:\WINDOWS\inf\ssm_wh95.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 14:25 8491008]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "NWEReboot"="" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 14:25 81920]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-03 23:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2008-01-24 18:47 3739672 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-10-05 14:25 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
    --a------ 2004-12-20 17:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

    R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 11:11]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
    R1 mrxsmbb;mrxsmbb;C:\WINDOWS\system32\drivers\mrxsmbb.sys [2008-01-28 23:00]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 19:56:01
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-30 19:57:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-30 18:57:35
    ComboFix2.txt 2008-01-29 19:36:52
    ComboFix3.txt 2008-01-29 19:10:38
    .
    2008-01-21 18:11:24 --- E O F ---
    a b 8 Security
    30 January 2008 20:13:26

    Time for the heavy artillery :)

    1/ Download The Avenger (by Swandog46) to your Desktop.
    Then unzip it onto your Desktop.

    2/ Copy all the text in red below:

    Quote:
    Files to delete:
    C:\WINDOWS\system32\drivers\core.cache.dsk


    ---> Right-click, then Copy

    Note: The code above was written specifically for THIS user.
    If you are not THIS user, do NOT apply these instructions: they could damage your system.


    3/ Now launch The Avenger by clicking the icon on the Desktop.
    Under "Script file to execute" choose "Input Script Manually".
    Then click the magnifying-glass icon, which opens a new window, "View/edit script".
    In that window, paste the text you copied earlier on the Desktop.
    Click "Done".
    Then click the green traffic-light icon to start executing the script.
    Answer "Yes" twice when prompted.

    4/ The Avenger will automatically do the following:
    It will restart the system. (If the script contains any "Drivers to Unload", The Avenger will restart your system twice.)
    During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
    After the restart, it creates a log file, which will open and show the actions The Avenger performed. This log file is located here: C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them, and moved the zip archive here: C:\avenger\backup.zip.

    5/ Finally, copy/paste the contents of the file c:\avenger.txt into your reply, along with a new HijackThis report.
    30 January 2008 20:43:14

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\kfmggjwq

    *******************

    Script file located at: fqmfluit

    Could not open script file! Error

    Could not open script file! Status: 0xc000003b Abort!







    Logfile of HijackThis v1.99.1
    Scan saved at 20:43:05, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Traduire (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    a b 8 Security
    30 January 2008 20:50:49

    Can you try the procedure again?
    30 January 2008 21:14:30

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\cebvrrgf

    *******************

    Script file located at: \??\C:\Documents and Settings\uhggqqlb.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:11:19, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Traduire (SYSTRAN) - res://G:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    According to Avenger the script seems to have worked, but the file still shows up in drivers, and so do the IE windows.
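
A way to read the two Avenger logs posted in this thread programmatically, added here as an example (it is not part of any post and not The Avenger's own code): it separates the run whose script could not be opened (0xc000003b, which is STATUS_OBJECT_PATH_SYNTAX_BAD) from the run that logged the deletion, and lists logged deletions that are still on disk. The class and function names are hypothetical, and only the log lines that appear on this page are recognised.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# NTSTATUS values (ntstatus.h) that explain why a path could not be opened.
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC000003B: "STATUS_OBJECT_PATH_SYNTAX_BAD",
}

# Both samples are the Avenger logs posted in this thread.
FAILED_RUN = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kfmggjwq

Script file located at: fqmfluit

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!
"""

SUCCESS_RUN = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cebvrrgf

Script file located at: \??\C:\Documents and Settings\uhggqqlb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

Beginning to process script file:

File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.

Completed script processing.

Finished! Terminate.
"""


@dataclass
class AvengerRun:
    service_key: Optional[str] = None   # randomly named service the tool ran from
    script_path: Optional[str] = None   # where the tool looked for the script
    script_opened: bool = False
    status: Optional[int] = None        # NTSTATUS reported on failure
    deleted: List[str] = field(default_factory=list)
    completed: bool = False


def parse_avenger_log(text: str) -> AvengerRun:
    """Extract the outcome of one run from the text of C:\\avenger.txt."""
    run = AvengerRun()
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if line == "Running from registry key:":
            run.service_key = next((l for l in lines[i + 1:] if l), None)
        elif line.startswith("Script file located at:"):
            run.script_path = line.split(":", 1)[1].strip()
        elif line == "Script file opened successfully.":
            run.script_opened = True
        elif line == "Completed script processing.":
            run.completed = True
        else:
            m = re.search(r"Status:\s*(0x[0-9A-Fa-f]+)", line)
            if m:
                run.status = int(m.group(1), 16)
            m = re.fullmatch(r"File (.+) deleted successfully\.", line)
            if m:
                run.deleted.append(m.group(1))
    return run


def explain(run: AvengerRun) -> str:
    """One-line triage verdict for a parsed run."""
    if not run.script_opened:
        if run.status is None:
            code = "unknown status"
        else:
            code = NTSTATUS_NAMES.get(run.status, hex(run.status))
        return f"script never ran ({code}); nothing was deleted, so repeat the run"
    if not run.completed:
        return "script opened but processing did not complete"
    return f"{len(run.deleted)} file(s) logged as deleted; confirm on disk after the reboot"


def still_on_disk(run: AvengerRun,
                  exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Paths the log reports as deleted that are nevertheless present."""
    return [p for p in run.deleted if exists(p)]


if __name__ == "__main__":
    for sample in (FAILED_RUN, SUCCESS_RUN):
        run = parse_avenger_log(sample)
        print(run.script_path, "->", explain(run))
```

In the failed run the script location is the bare name `fqmfluit` rather than an NT path such as `\??\C:\...`, which matches the path-syntax status code. A non-empty result from `still_on_disk` after the reboot corresponds to what the poster describes: the log records the deletion, yet the file is visible again.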
    31 January 2008 15:45:13

    Problem solved via another forum.
    Thanks again for your help, angeldark.
    a b 8 Security
    31 January 2008 18:23:05

    Avoid posting on several forums, it's just taking the piss out of the people who help...
    31 January 2008 21:41:03

    Not at all, it's just to make things go faster, to avoid it dragging on for several days, and to benefit from everyone's skills. Nobody has a monopoly or exclusivity, and besides, everyone posts on several forums;
    take a look around the various sites and you'll find those who posted here.
    Thanks anyway.......