zester

non ca donne rien la fenetre de restau s'ouvre mais elle reste vide ...

bah j'ai du me planter alors car ca m'a effacer la quasi totalite de mon dd je sais plus quoi faire plus rien ne marche meme plus d'outil système et plus de net evidemment je me co avec ma ps3 la je sais vraiment plus quoi faire...

je te parle part l intermédiaire d un amie car mon disc dure vien d etre effacé,je n ai meme plus les outis systeme pour tenter une restauration,en gros c est la cathastrophe,tous mes doccuement on etait effacé au secours!!! comment est que je peux réparer tous sa merci d avance

c'est en train de tout me supprimer là ça a virer les trois quarts de ce que j'avais sur mon bureau c normal ?

je te file déjà le rapport de combofix et je te met le diag help de suite ComboFix 08-05-01.3 - PC 2008-05-06 20:06:29.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.572 [GMT 2:00] Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\PC\Bureau\CFScript.txt * Création d'un nouveau point de restauration * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\SYSTEM32\XXYYVSMF.DLL . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))))))) . 2008-05-06 18:55 . 2008-05-06 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-06 18:54 . 2008-05-06 18:54 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-06 18:54 . 2008-05-06 18:54 <REP> d-------- C:\WINDOWS\LastGood 2008-05-06 14:45 . 2008-05-06 15:00 <REP> d-------- C:\HJT 2008-05-06 11:20 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-06 11:20 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-04-26 08:28 . 2008-04-26 08:28 <REP> d-------- C:\Program Files\Lavasoft 2008-04-26 08:28 . 2008-04-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-26 08:25 . 2008-04-26 08:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-25 16:13 . 2008-04-25 16:13 <REP> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes 2008-04-25 16:12 . 2008-05-06 11:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-25 16:12 . 2008-04-25 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-25 16:11 . 2008-04-25 16:12 20,906,864 --a------ C:\TEMP\aaw2007.exe 2008-04-25 16:11 . 2008-04-25 16:11 1,546,928 --a------ C:\TEMP\mbam-setup.exe 2008-04-21 21:45 . 2008-04-21 21:45 <REP> d-------- C:\Program Files\Bonjour 2008-04-21 21:09 . 2008-04-21 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared 2008-04-21 15:57 . 2008-04-21 15:57 379 --a------ C:\TEMP\Adobe_Photoshop_CS3_Extended_(Serial).zip 2008-04-21 15:56 . 2008-04-21 15:56 310 --a------ C:\TEMP\Adobe_Photoshop_CS3e_(Serial).zip 2008-04-21 15:52 . 2008-04-21 15:52 206 --a------ C:\TEMP\Adobe_Photoshop_3_x_(Serial).zip 2008-04-21 15:50 . 2008-04-21 15:50 322,961 --a------ C:\TEMP\55mm_v3.0_for_Adobe_Photoshop.zip 2008-04-21 11:50 . 2008-04-21 11:50 <REP> d-------- C:\Program Files\SAGEM 2008-04-21 11:50 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-04-16 12:22 . 2008-04-16 12:22 27,208 --a------ C:\TEMP\leconsdefrancais.pps.zip 2008-04-16 12:21 . 2008-04-16 12:21 204,440 --a------ C:\TEMP\attachments_2008_04_16.zip 2008-04-13 20:08 . 2008-04-13 20:08 <REP> d-------- C:\Program Files\Tetris 2008-04-13 20:08 . 2008-04-13 20:08 916,787 --a------ C:\TEMP\tetris.exe 2008-04-12 15:35 . 2008-05-01 18:29 <REP> d-------- C:\Program Files\ShotOnline International 2008-04-12 15:17 . 2008-04-12 15:34 402,691,544 --a------ C:\TEMP\ShotOnlineClient_Global_GamesCampus.exe 2008-04-06 19:12 . 2008-04-23 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-06 19:12 . 2008-04-06 19:12 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-06 16:55 . 2008-04-06 16:55 3,302,187 --a------ C:\TEMP\AuctioneerFullSuite-5.0.PRE.2988.zip 2008-04-06 16:48 . 2008-04-06 16:48 464,819 --a------ C:\TEMP\ControlArena-1.0beta9.zip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-06 16:14 --------- d-----w C:\Program Files\wow model viewer 2008-05-06 10:14 --------- d-----w C:\Program Files\Wanadoo 2008-05-06 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-21 19:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-04-21 09:50 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-19 09:20 --------- d-----w C:\Program Files\World of Warcraft 2008-04-13 17:35 --------- d-----w C:\Program Files\Everest Poker 2008-04-11 07:31 --------- d-----w C:\Documents and Settings\PC\Application Data\dvdcss 2008-04-07 06:36 --------- d-----w C:\Program Files\WowCartographe 2008-04-05 17:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-05 16:52 --------- d-----w C:\Program Files\WinamaxPoker 2008-04-03 11:25 --------- d-----w C:\Program Files\Disc2Phone 2008-03-25 11:51 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-03-25 11:49 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2008-03-20 15:28 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-20 15:04 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-08 11:24 --------- d-----w C:\Documents and Settings\PC\Application Data\Samsung 2008-03-08 11:18 --------- d-----w C:\Program Files\Samsung 2008-03-07 14:40 --------- d-----w C:\Program Files\EA GAMES 2008-03-06 15:14 --------- d-----w C:\Program Files\Warcraft III 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-10 22:32 357 ----a-w C:\Documents and Settings\PC\.cb_layout.bin 2007-12-26 16:57 27,512 ----a-w C:\Documents and Settings\PC\Application Data\GDIPFONTCACHEV1.DAT 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Barre d'état système d'ATI CATALYST.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Barre d'état système d'ATI CATALYST.lnk backup=C:\WINDOWS\pss\Barre d'état système d'ATI CATALYST.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] --a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayer] --a------ 2007-06-20 20:27 2012832 C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2005-10-26 03:51 122929 C:\Program Files\Securitoo\av_fw\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] --a------ 2005-10-18 10:29 372736 C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2005-07-18 16:51 700416 C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2007-02-06 01:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] --a------ 2006-11-22 03:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service] --a------ 2005-05-31 14:45 356352 C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] --a------ 2004-04-21 10:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-08-20 00:10 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2006-09-12 22:40 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04] R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2007-11-15 10:35] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-25 16:03] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03] S3 bDMusicb;bDMusicb;C:\DOCUME~1\PC\LOCALS~1\Temp\bDMusicb.sys [] S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-06-20 20:27] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3abf96-ed65-11da-85f4-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-06 06:40:09 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus. . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-06 20:12:30 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** . Temps d'accomplissement: 2008-05-06 20:14:41 ComboFix-quarantined-files.txt 2008-05-06 18:14:03 ComboFix2.txt 2008-05-06 13:44:45 Pre-Run: 17,180,696,576 octets libres Post-Run: 17,205,030,912 octets libres 184 --- E O F --- 2008-05-02 21:27:40

oui j'ai bien vider mes temp avec atf. EN fait j'ai toujours la fenêtre de mon antivirus qui me dit que je suis infecté par ce fameux packed.win32.monder.gen dans le fichier C:\WINDOWS\SYSTEM32\XXYYVSMF.DLL (et qu'il ne peut pas le supprimer bien sur ) Voilà (scan kaspersky en cours) encore merci de ta rapidité a répondre

et voilà ewido a fini voilà le rapport : __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.Connextra Path: C:\Documents and Settings\PC\Cookies\pc@connextra[1].txt Risk: Medium Name: TrackingCookie.Yadro Path: C:\Documents and Settings\PC\Cookies\pc@yadro[2].txt Risk: Medium Name: Not-A-Virus.Adware.AdMedia Path: C:\Program Files\wow model viewer\wowmodelview.exe Risk: Low Name: Not-A-Virus.Adware.AdMedia Path: C:\TEMP\wowmodelview-0.5.08.zip/wowmodelview.exe Risk: Low

Désolé c'est assez long, je te met le rapport de combofix en attendant que ewido ai fini son scan ComboFix 08-05-01.3 - PC 2008-05-06 15:41:04.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.575 [GMT 2:00] Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\PC\Bureau\CFScript.txt * Création d'un nouveau point de restauration * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\Documents and Settings\PC\Bureau\3.3.1_Installation Player Orange .exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\PC\Bureau\3.3.1_Installation Player Orange .exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))))))) . 2008-05-06 14:45 . 2008-05-06 15:00 <REP> d-------- C:\HJT 2008-05-06 11:20 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-06 11:20 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-04-26 08:28 . 2008-04-26 08:28 <REP> d-------- C:\Program Files\Lavasoft 2008-04-26 08:28 . 2008-04-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-26 08:25 . 2008-04-26 08:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-25 16:13 . 2008-04-25 16:13 <REP> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes 2008-04-25 16:12 . 2008-05-06 11:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-25 16:12 . 2008-04-25 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-25 16:11 . 2008-04-25 16:12 20,906,864 --a------ C:\TEMP\aaw2007.exe 2008-04-25 16:11 . 2008-04-25 16:11 1,546,928 --a------ C:\TEMP\mbam-setup.exe 2008-04-21 21:45 . 2008-04-21 21:45 <REP> d-------- C:\Program Files\Bonjour 2008-04-21 21:09 . 2008-04-21 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared 2008-04-21 15:57 . 2008-04-21 15:57 379 --a------ C:\TEMP\Adobe_Photoshop_CS3_Extended_(Serial).zip 2008-04-21 15:56 . 2008-04-21 15:56 310 --a------ C:\TEMP\Adobe_Photoshop_CS3e_(Serial).zip 2008-04-21 15:52 . 2008-04-21 15:52 206 --a------ C:\TEMP\Adobe_Photoshop_3_x_(Serial).zip 2008-04-21 15:50 . 2008-04-21 15:50 322,961 --a------ C:\TEMP\55mm_v3.0_for_Adobe_Photoshop.zip 2008-04-21 11:50 . 2008-04-21 11:50 <REP> d-------- C:\Program Files\SAGEM 2008-04-21 11:50 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-04-16 12:22 . 2008-04-16 12:22 27,208 --a------ C:\TEMP\leconsdefrancais.pps.zip 2008-04-16 12:21 . 2008-04-16 12:21 204,440 --a------ C:\TEMP\attachments_2008_04_16.zip 2008-04-13 20:08 . 2008-04-13 20:08 <REP> d-------- C:\Program Files\Tetris 2008-04-13 20:08 . 2008-04-13 20:08 916,787 --a------ C:\TEMP\tetris.exe 2008-04-12 15:35 . 2008-05-01 18:29 <REP> d-------- C:\Program Files\ShotOnline International 2008-04-12 15:17 . 2008-04-12 15:34 402,691,544 --a------ C:\TEMP\ShotOnlineClient_Global_GamesCampus.exe 2008-04-06 19:12 . 2008-04-23 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-06 19:12 . 2008-04-06 19:12 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-06 16:55 . 2008-04-06 16:55 3,302,187 --a------ C:\TEMP\AuctioneerFullSuite-5.0.PRE.2988.zip 2008-04-06 16:48 . 2008-04-06 16:48 464,819 --a------ C:\TEMP\ControlArena-1.0beta9.zip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-06 10:14 --------- d-----w C:\Program Files\Wanadoo 2008-05-06 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-21 19:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-04-21 09:50 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-19 09:20 --------- d-----w C:\Program Files\World of Warcraft 2008-04-13 17:35 --------- d-----w C:\Program Files\Everest Poker 2008-04-11 07:31 --------- d-----w C:\Documents and Settings\PC\Application Data\dvdcss 2008-04-07 06:36 --------- d-----w C:\Program Files\WowCartographe 2008-04-05 17:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-05 16:52 --------- d-----w C:\Program Files\WinamaxPoker 2008-04-03 11:25 --------- d-----w C:\Program Files\Disc2Phone 2008-03-27 09:52 --------- d-----w C:\Program Files\wow model viewer 2008-03-25 11:51 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-03-25 11:49 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2008-03-20 15:28 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-20 15:04 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-08 11:24 --------- d-----w C:\Documents and Settings\PC\Application Data\Samsung 2008-03-08 11:18 --------- d-----w C:\Program Files\Samsung 2008-03-07 14:40 --------- d-----w C:\Program Files\EA GAMES 2008-03-06 15:14 --------- d-----w C:\Program Files\Warcraft III 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-10 22:32 357 ----a-w C:\Documents and Settings\PC\.cb_layout.bin 2007-12-26 16:57 27,512 ----a-w C:\Documents and Settings\PC\Application Data\GDIPFONTCACHEV1.DAT 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Barre d'état système d'ATI CATALYST.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Barre d'état système d'ATI CATALYST.lnk backup=C:\WINDOWS\pss\Barre d'état système d'ATI CATALYST.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] --a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayer] --a------ 2007-06-20 20:27 2012832 C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2005-10-26 03:51 122929 C:\Program Files\Securitoo\av_fw\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] --a------ 2005-10-18 10:29 372736 C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2005-07-18 16:51 700416 C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2007-02-06 01:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] --a------ 2006-11-22 03:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service] --a------ 2005-05-31 14:45 356352 C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] --a------ 2004-04-21 10:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-08-20 00:10 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2006-09-12 22:40 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04] R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2007-11-15 10:35] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-25 16:03] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03] S3 bDMusicb;bDMusicb;C:\DOCUME~1\PC\LOCALS~1\Temp\bDMusicb.sys [] S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-06-20 20:27] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3abf96-ed65-11da-85f4-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-06 06:40:09 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus. . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-06 15:42:25 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-05-06 15:44:44 ComboFix-quarantined-files.txt 2008-05-06 13:43:40 ComboFix2.txt 2008-05-06 13:13:24 Pre-Run: 15,217,631,232 octets libres Post-Run: 15,188,971,520 octets libres 183 --- E O F --- 2008-05-02 21:27:40

ComboFix 08-05-01.3 - PC 2008-05-06 15:04:40.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.659 [GMT 2:00] Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))))))) . 2008-05-06 14:45 . 2008-05-06 15:00 <REP> d-------- C:\HJT 2008-05-06 11:20 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-06 11:20 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-04-26 08:28 . 2008-04-26 08:28 <REP> d-------- C:\Program Files\Lavasoft 2008-04-26 08:28 . 2008-04-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-26 08:25 . 2008-04-26 08:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-25 16:13 . 2008-04-25 16:13 <REP> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes 2008-04-25 16:12 . 2008-05-06 11:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-25 16:12 . 2008-04-25 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-25 16:11 . 2008-04-25 16:12 20,906,864 --a------ C:\TEMP\aaw2007.exe 2008-04-25 16:11 . 2008-04-25 16:11 1,546,928 --a------ C:\TEMP\mbam-setup.exe 2008-04-21 21:45 . 2008-04-21 21:45 <REP> d-------- C:\Program Files\Bonjour 2008-04-21 21:09 . 2008-04-21 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared 2008-04-21 15:57 . 2008-04-21 15:57 379 --a------ C:\TEMP\Adobe_Photoshop_CS3_Extended_(Serial).zip 2008-04-21 15:56 . 2008-04-21 15:56 310 --a------ C:\TEMP\Adobe_Photoshop_CS3e_(Serial).zip 2008-04-21 15:52 . 2008-04-21 15:52 206 --a------ C:\TEMP\Adobe_Photoshop_3_x_(Serial).zip 2008-04-21 15:50 . 2008-04-21 15:50 322,961 --a------ C:\TEMP\55mm_v3.0_for_Adobe_Photoshop.zip 2008-04-21 11:50 . 2008-04-21 11:50 <REP> d-------- C:\Program Files\SAGEM 2008-04-21 11:50 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2008-04-16 12:22 . 2008-04-16 12:22 27,208 --a------ C:\TEMP\leconsdefrancais.pps.zip 2008-04-16 12:21 . 2008-04-16 12:21 204,440 --a------ C:\TEMP\attachments_2008_04_16.zip 2008-04-13 20:08 . 2008-04-13 20:08 <REP> d-------- C:\Program Files\Tetris 2008-04-13 20:08 . 2008-04-13 20:08 916,787 --a------ C:\TEMP\tetris.exe 2008-04-12 15:35 . 2008-05-01 18:29 <REP> d-------- C:\Program Files\ShotOnline International 2008-04-12 15:17 . 2008-04-12 15:34 402,691,544 --a------ C:\TEMP\ShotOnlineClient_Global_GamesCampus.exe 2008-04-06 19:12 . 2008-04-23 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-06 19:12 . 2008-04-06 19:12 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-06 16:55 . 2008-04-06 16:55 3,302,187 --a------ C:\TEMP\AuctioneerFullSuite-5.0.PRE.2988.zip 2008-04-06 16:48 . 2008-04-06 16:48 464,819 --a------ C:\TEMP\ControlArena-1.0beta9.zip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-06 10:14 --------- d-----w C:\Program Files\Wanadoo 2008-05-06 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-21 19:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-04-21 09:50 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-19 09:20 --------- d-----w C:\Program Files\World of Warcraft 2008-04-13 17:35 --------- d-----w C:\Program Files\Everest Poker 2008-04-11 07:31 --------- d-----w C:\Documents and Settings\PC\Application Data\dvdcss 2008-04-07 06:36 --------- d-----w C:\Program Files\WowCartographe 2008-04-05 17:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-05 16:52 --------- d-----w C:\Program Files\WinamaxPoker 2008-04-03 11:25 --------- d-----w C:\Program Files\Disc2Phone 2008-03-27 09:52 --------- d-----w C:\Program Files\wow model viewer 2008-03-25 11:51 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-03-25 11:49 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2008-03-20 15:28 --------- d-----w C:\Program Files\Alcohol Soft 2008-03-20 15:04 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-08 11:24 --------- d-----w C:\Documents and Settings\PC\Application Data\Samsung 2008-03-08 11:18 --------- d-----w C:\Program Files\Samsung 2008-03-07 14:40 --------- d-----w C:\Program Files\EA GAMES 2008-03-06 15:14 --------- d-----w C:\Program Files\Warcraft III 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-10 22:32 357 ----a-w C:\Documents and Settings\PC\.cb_layout.bin 2007-12-26 16:57 27,512 ----a-w C:\Documents and Settings\PC\Application Data\GDIPFONTCACHEV1.DAT 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . <pre> ----a-w 14,597,893 2006-12-12 20:37:49 C:\Documents and Settings\PC\Bureau\3.3.1_Installation Player Orange .exe </pre> ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFavoritesMenu"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Barre d'état système d'ATI CATALYST.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Barre d'état système d'ATI CATALYST.lnk backup=C:\WINDOWS\pss\Barre d'état système d'ATI CATALYST.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] --a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayer] --a------ 2007-06-20 20:27 2012832 C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2005-10-26 03:51 122929 C:\Program Files\Securitoo\av_fw\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] --a------ 2005-10-18 10:29 372736 C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2005-07-18 16:51 700416 C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2007-02-06 01:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] --a------ 2006-11-22 03:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service] --a------ 2005-05-31 14:45 356352 C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrangePlayer] --a------ 2006-12-08 11:36 40960 c:\program files\orange\player orange\Player Orange.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar] --a------ 2004-04-21 10:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-08-20 00:10 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2006-09-12 22:40 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"= "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04] R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [2007-11-15 10:35] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-25 16:03] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03] S3 bDMusicb;bDMusicb;C:\DOCUME~1\PC\LOCALS~1\Temp\bDMusicb.sys [] S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-06-20 20:27] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3abf96-ed65-11da-85f4-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-06 06:40:09 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus. . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-06 15:10:03 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-06 15:13:23 ComboFix-quarantined-files.txt 2008-05-06 13:12:59 Pre-Run: 11,022,184,448 octets libres Post-Run: 11,800,121,344 octets libres 183 --- E O F --- 2008-05-02 21:27:40

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:47:39, on 06/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O17 - HKLM\System\CCS\Services\Tcpip\..\{A42CD8A5-5D76-4681-B064-7ABA8953FC8D}: NameServer = 192.168.1.1 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7600 bytes voilà ça c'est fait =) (merci de ta rapidité )

Bonjour a tous Tout est dit dans le titre, j'ai choppé cette saleté et n'arrive pas a m'en débarasser. J'ai essayer de scan avec tout ce que je connaissai (malware bytes,ad aware, spybot...), mais rien n'y fait mon antivirus est l'antivirus d'orange (celui qu'on paie 5 euro par mois grrrr...) Donc voilà si une âme charitable pouvait voler a mon secours ce serait bien sympa Merci d'avance pour vos réponse