

DjDarksidius
-
Hello, I got a new PC 15 days ago with Vista Ultimate 32-bit (I installed the SP1 update) + WinXP SP2 in multiboot. I have two hard drives, one of which is a 78 GB Raptor partitioned in two with the two OSes on it. I noticed that the space on the "VISTA" partition is shrinking for no apparent reason. So I searched the internet for the causes of this phenomenon: I deleted the restore points, and I reduced the virtual memory (apparently 512 of virtual memory was enough) despite the 4 GB of RAM. I even stopped "SuperFetch"; nothing helps, it keeps shrinking. I have 3 GB free left on a 35 GB partition, bearing in mind that only the OS is installed and nothing else. Of course, I only get those 3 GB free by cleaning with CCleaner, EasyCleaner, ewido and my anti-spyware tools; otherwise it happens that I only have 250 MB free left on the partition. In short, I am turning to you as a last resort, I no longer know what to do; my antivirus "Antivir" detects no virus, so what could it be? I should add that I do not have this phenomenon on WinXP... Thanks in advance
-
Apparently it seems to be fine; I did get a virus this morning though, but I think it is unrelated. I think my Windows firewall is like Swiss cheese; I need something more effective. On the other hand, I would like to know whether there is software that can delete files that cannot be deleted normally. Thanks for your help in any case, you are well practised in your field, keep it up; luckily forums like yours exist, because otherwise we would have a hard time coping. Thanks again
-
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 20, 2008 9:05:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 573775
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\
Scan Statistics:
Total number of scanned objects: 117035
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:26:55
Scan process completed.
-
ComboFix 08-02-20.2 - Yvan 2008-02-20 18:17:22.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.673 [GMT 1:00]
Endroit: C:\Documents and Settings\Yvan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Yvan\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\fbqnkseu.ini
C:\WINDOWS\system32\hiqvwpyp.ini
C:\WINDOWS\system32\malqqaet.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\fbqnkseu.ini
C:\WINDOWS\system32\hiqvwpyp.ini
C:\WINDOWS\system32\malqqaet.ini

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:48, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
-
ComboFix 08-02-20.2 - Yvan 2008-02-20 17:27:44.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.665 [GMT 1:00]
Endroit: C:\Documents and Settings\Yvan\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-06-10 01:12 1015808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-07 21:09 7700480] "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 08:28 72192] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 11:01 1037736] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-07 21:09 86016] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-07 21:19 185632] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2005-03-18 12:50 589824] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-20 15:22 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360] C:\Documents and Settings\Yvan\Menu D‚marrer\Programmes\D‚marrage\ raccourcis_KPlan.exe.lnk - C:\kplan\KPlan.exe [2007-10-08 21:51:34 5794816] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20 73728] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472] SATARAID5.lnk - C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar 
[2007-10-07 19:29:42 1578096] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrpqr] rqrrpqr.dll R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 10:42] R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 10:42] R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 15:52] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 09:06] S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\38F.tmp [] S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 09:51] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] *Newly Created Service* - SSMDRV . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-16 11:17:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-20 17:29:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-20 17:29:29 ComboFix-quarantined-files.txt 2008-02-20 16:29:22 . 2008-02-13 10:13:12 --- E O F ---
-
I followed the instructions to the letter, but when VundoFix had finished its scan and I clicked "remove", it did not restart the PC. Nothing happened, so I restarted the PC myself, and it then crashed with a blue screen once the restart was done. Otherwise, here are the reports: SDFix REPORT: SDFix: Version 1.144 Run by Yvan on 20/02/2008 at 13:18 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\Yvan\Bureau\SDFix Checking Services: Name: wer32 Path: \??\C:\WINDOWS\system32\jkghje.dll wer32 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Checking Files: No Trojan Files Found Folder C:\Program Files\Helper - Removed Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-20 13:23:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered" scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 11 Remaining Services: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital 
Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "D:\\SecondLife\\SLVoice.exe"="D:\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice" "E:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="E:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh" "E:\\eMule\\emule.exe"="E:\\eMule\\emule.exe:*:Enabled:eMule" "D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMuleMorphXT" "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix" "D:\\VirtualDJ\\virtualdj_trial.exe"="D:\\VirtualDJ\\virtualdj_trial.exe:*:Enabled:VirtualDJ" "E:\\SecondLifeWindLight\\SLVoice.exe"="E:\\SecondLifeWindLight\\SLVoice.exe:*:Disabled:SLVoice" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining 
Files: Files with Hidden Attributes: Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Sat 20 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 7 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sun 7 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT74.tmp" Finished! ----------------------------------------------------------------------- VundoFix REPORT: VundoFix V6.7.8 Checking Java version... Java version is 1.4.2.4 Old versions of java are exploitable and should be removed. Scan started at 13:29:26 20/02/2008 Listing files found while scanning.... No infected files were found. Beginning removal... ------------------------------------- HIJACKTHIS REPORT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:50:35, on 20/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program 
Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] 
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: raccourcis_KPlan.exe.lnk = C:\kplan\KPlan.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no 
name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: rqrrpqr - rqrrpqr.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 8566 bytes
-
I followed the instructions to the letter, but when I had to delete the files in the "TEMP" folder under "C:\Documents And Settings\Session utilisateur\Local Settings\Temp", I could not delete everything: only the file "inA.tmp" was not deleted. Here is the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:36:10, on 20/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: e404mgr Class - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1203325843.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVIDIA nTune] 
"C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: raccourcis_KPlan.exe.lnk = C:\kplan\KPlan.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: rqrrpqr - rqrrpqr.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 8891 bytes
-
I assume I need to follow the instructions written in the main topic.
-
Hello, I am new to this forum and I have a slight problem with my PC. I went to a foreign website and caught a virus. The icon of my Avast antivirus has become strange (apparently it is receiving mail). Avast alert windows appear every minute in this form: "Message suspect ! Il y a trop de mails identiques envoyés dans un faible intervalle de temps Expéditeur : Brandon Sidorowych" <poecilit@advancedparentingconcepts.com> Destinataire : maggiemay76@gmail.com Sujet : Be a member of the Big Boys' Club." (it is not always the same recipient); it is borderline spam, because I get about fifty of them each time. Strange files in folders have been installed on my C:/ drive, such as "Bonjour" with "mdnsNSP.dll" files, or even ".exe" files, or "Xerox" (I have no Xerox printer, I should point out), and they are impossible to delete. No matter how many scans I run with Avast or online antivirus scanners such as Kaspersky, Panda, etc., nothing works: they all find "trojans" and "worms" and delete them, but they come back anyway. I also run scans with CCleaner, Cleanup, Adaware and Spybot; same thing, it changes nothing. So I am turning to you as a last resort because I need help. I have downloaded HijackThis (in case it is useful) and I await your instructions. Thank you in advance.