

OlivierL
Everything posted by OlivierL
-
Here is the report. I am the one who installed LogMeIn, to check my email at the office. Thanks in advance for the great help. OlivierL

ComboFix 08-06-06.4 - Utilisateur 2008-06-07 8:31:44.4 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.611 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\rbnpsrv.exe
C:\WINDOWS\adgpfoxs.dll
C:\WINDOWS\eomf.exe
C:\WINDOWS\erpobmsw.dll
C:\WINDOWS\system32\159.tmp
C:\WINDOWS\system32\blphcrdbj0e9m5.scr
C:\WINDOWS\system32\Drivers\Winfm86.sys
C:\WINDOWS\system32\hfjkvlod.dll
C:\WINDOWS\system32\lphcrdbj0e9m5.exe
C:\WINDOWS\system32\mlJAsTkk.dll
C:\WINDOWS\SYSTEM32\mlJAsTkk.dll
c:\windows\system32\mssrv32.exe
C:\WINDOWS\system32\phcrdbj0e9m5.bmp
C:\WINDOWS\system32\vtUomkjg.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\xbqmfsed.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Utilisateur\Application Data\AXPFixer
C:\Documents and Settings\Utilisateur\Application Data\shctdbj0e9m5
C:\WINDOWS\eomf.exe
C:\WINDOWS\system32\159.tmp
C:\WINDOWS\system32\blphcrdbj0e9m5.scr
C:\WINDOWS\system32\Drivers\Winfm86.sys
C:\WINDOWS\system32\lphcrdbj0e9m5.exe
C:\WINDOWS\system32\phcrdbj0e9m5.bmp
C:\WINDOWS\xbqmfsed.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_Winfm86
-------\Service_Winfm86

((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
.
2008-06-06 21:31 . 2008-06-06 21:31 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2008-06-06 21:31 . 2008-06-06 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-06 21:31 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-06 21:19 . 2008-06-06 21:19 <REP> d-------- C:\Program Files\AVG
2008-06-06 21:19 . 2008-06-06 21:19 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-06-06 21:03 . 2008-06-06 21:03 86 --a------ C:\WINDOWS\wininit.ini
2008-06-06 06:36 . 2008-06-06 06:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-05 21:39 . 2008-06-05 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 20:43 . 2008-06-05 20:43 <REP> d-------- C:\Program Files\Lavasoft
2008-06-05 20:43 . 2008-06-05 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 20:42 . 2008-06-05 20:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-05 19:53 . 2008-06-05 19:53 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AVGTOOLBAR
2008-06-01 10:18 . 2008-06-01 10:18 50 --a------ C:\WINDOWS\brmx2001.ini
2008-06-01 10:18 . 2008-06-01 10:18 40 --a------ C:\WINDOWS\opt_2460.ini
2008-05-31 13:43 . 2008-05-31 13:43 <REP> d-------- C:\Cours officiers
2008-05-25 16:50 . 2008-05-25 16:50 37 --a------ C:\WINDOWS\easyprint.INI
2008-05-25 16:38 . 2008-05-25 16:38 <REP> d-------- C:\Program Files\Pixum
2008-05-25 16:33 . 2008-05-25 16:33 <REP> d-------- C:\Program Files\Pixum AG
2008-05-25 16:33 . 2008-05-25 16:33 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Pixum
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-14 22:29 . 2008-06-07 08:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 22:29 . 2008-05-14 22:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 09:58 . 2008-05-10 09:58 <REP> d-------- C:\Program Files\iTunes
2008-05-10 09:58 . 2008-05-10 09:58 <REP> d-------- C:\Program Files\iPod
2008-05-10 09:57 . 2008-05-10 09:57 <REP> d-------- C:\Program Files\QuickTime
2008-05-10 09:57 . 2008-05-10 09:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 09:56 . 2008-05-10 09:56 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-05-10 09:52 . 2008-05-10 09:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-10 09:52 . 2008-05-10 09:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 15:20 --------- d-----w C:\Program Files\MSECache
2008-04-29 19:34 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-29 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-06_22.51.23.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 20:44:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 06:35:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 06:35:10 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26 118784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-14 17:33 185896]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30 864256]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 18:57 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-03-30 20:11]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00]
S0 Wingn18;Wingn18;C:\WINDOWS\system32\Drivers\Wingn18.sys []
S0 Winjq17;Winjq17;C:\WINDOWS\system32\Drivers\Winjq17.sys []
S0 Winuc12;Winuc12;C:\WINDOWS\system32\Drivers\Winuc12.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-08-25 20:10]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 07:07]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2005-05-27 09:45]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-07-20 14:26]
S3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-02 15:29]
S3 Winbi75;Winbi75;C:\WINDOWS\System32\drivers\Winbi75.sys [2004-08-10 20:00]
S3 Winel20;Winel20;C:\WINDOWS\System32\drivers\Winel20.sys [2004-08-10 20:00]
S3 Winfm67;Winfm67;C:\WINDOWS\System32\drivers\Winfm67.sys [2004-08-10 20:00]
S3 Wingn53;Wingn53;C:\WINDOWS\System32\drivers\Wingn53.sys [2004-08-10 20:00]
S3 Winiq75;Winiq75;C:\WINDOWS\System32\drivers\Winiq75.sys [2004-08-10 20:00]
S3 Winqx31;Winqx31;C:\WINDOWS\System32\drivers\Winqx31.sys [2004-08-10 20:00]
S3 Winry63;Winry63;C:\WINDOWS\System32\drivers\Winry63.sys [2004-08-10 20:00]
S3 Winsa75;Winsa75;C:\WINDOWS\System32\drivers\Winsa75.sys [2004-08-10 20:00]
S3 Winxe64;Winxe64;C:\WINDOWS\System32\drivers\Winxe64.sys [2004-08-10 20:00]
S3 Winxf75;Winxf75;C:\WINDOWS\System32\drivers\Winxf75.sys [2004-08-10 20:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3854e9cf-05d7-11dc-b883-001636867034}]
\Shell\AutoRun\command - F:\load.exe /CDROM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1e90da-c27f-11dc-b8eb-001636867034}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-28 20:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 08:35:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\WINDOWS\EHOME\MCRDSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\EHOME\EHMSAS.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-07 8:38:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 06:38:34
ComboFix3.txt 2008-06-06 20:51:46
ComboFix2.txt 2008-06-06 21:02:28
Pre-Run: 41,105,391,616 octets libres
Post-Run: 41,134,456,832 octets libres
259 --- E O F --- 2008-05-29 07:05:06

Here is the Combofix-quarantined- report:

2006-01-23 12:41 233472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2006-01-23 12:41 32512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2006-01-23 12:41 53299 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2006-01-23 12:41 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
2006-01-23 12:41 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2008-06-05 11:36 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\xbqmfsed.exe.vir
2008-06-05 11:36 94208 --a------ C:\Qoobox\Quarantine\C\WINDOWS\eomf.exe.vir
2008-06-05 14:33 92160 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lphcrdbj0e9m5.exe.vir
2008-06-05 14:34 33920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJAsTkk.dll.vir
2008-06-05 14:35 33920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRHXpMf.dll.vir
2008-06-05 19:52 96128 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hfjkvlod.dll.vir
2008-06-05 20:18 121131 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gjkmoUtv.ini.vir
2008-06-05 20:18 121131 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gjkmoUtv.ini2.vir
2008-06-05 21:30 52736 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\159.tmp.vir
2008-06-06 20:16 15360 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir
2008-06-06 21:21 15360 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir
2008-06-06 21:25 1593829 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dolvkjfh.ini.vir
2008-06-06 21:26 320256 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXqNHXR.dll.vir
2008-06-06 21:27 1593889 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tikeurut.ini.vir
2008-06-06 21:27 92544 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\turuekit.dll.vir
2008-06-06 22:05 124138 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\RXHNqXbc.ini2.vir
2008-06-06 22:06 124138 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\RXHNqXbc.ini.vir
2008-06-06 22:08 856 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_MSUPDATE.reg.dat
2008-06-06 22:09 1110 --a------ C:\Qoobox\Quarantine\Registry_backups\Service_msupdate.reg.dat
2008-06-06 22:09 984 --a------ C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2008-06-07 08:22 52736 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\blphcrdbj0e9m5.scr.vir
2008-06-07 08:22 90838 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\phcrdbj0e9m5.bmp.vir
2008-06-07 08:31 30080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Winfm86.sys.vir
2008-06-07 08:33 1088 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_Winfm86.reg.dat
2008-06-07 08:33 19605 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Winfm86.sys.zip
2008-06-07 08:33 19605 --a------ C:\Qoobox\Quarantine\catchme2008-06-07_ 83324,93.zip
2008-06-07 08:33 2068 --a------ C:\Qoobox\Quarantine\Registry_backups\Service_Winfm86.reg.dat
2008-06-07 08:33 735 --a------ C:\Qoobox\Quarantine\catchme.log
-
Here is the report, but the bugs are still there. The computer works better, but I still have as my wallpaper a yellow window in the middle of the screen that says: Warning ! Spyware detected on your computer. install an antivirus or spyware remover to clean your computer.

ComboFix 08-06-06.4 - Utilisateur 2008-06-06 23:00:17.3 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.330 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
.
2008-06-06 22:46 . 2008-06-06 22:46 <REP> d-------- C:\Program Files\AXPFixer
2008-06-06 22:46 . 2008-06-06 22:46 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AXPFixer
2008-06-06 21:31 . 2008-06-06 21:31 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Grisoft
2008-06-06 21:31 . 2008-06-06 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-06 21:31 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-06 21:19 . 2008-06-06 21:19 <REP> d-------- C:\Program Files\AVG
2008-06-06 21:19 . 2008-06-06 21:19 10,520 --------- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-06-06 21:03 . 2008-06-06 21:03 86 --a------ C:\WINDOWS\wininit.ini
2008-06-06 09:30 . 2008-06-05 21:30 52,736 --a------ C:\WINDOWS\system32\159.tmp
2008-06-06 06:36 . 2008-06-06 06:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-05 21:39 . 2008-06-05 21:39 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 21:39 . 2008-06-05 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 20:43 . 2008-06-05 20:43 <REP> d-------- C:\Program Files\Lavasoft
2008-06-05 20:43 . 2008-06-05 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 20:42 . 2008-06-05 20:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-05 19:53 . 2008-06-05 19:53 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\AVGTOOLBAR
2008-06-05 14:34 . 2008-06-05 14:34 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\shctdbj0e9m5
2008-06-05 14:34 . 2008-06-05 11:36 94,208 --a------ C:\WINDOWS\eomf.exe
2008-06-05 14:34 . 2008-06-05 11:36 81,920 --a------ C:\WINDOWS\xbqmfsed.exe
2008-06-05 14:33 . 2008-06-05 14:33 92,160 --a------ C:\WINDOWS\system32\lphcrdbj0e9m5.exe
2008-06-05 14:33 . 2008-06-06 22:45 90,838 --a------ C:\WINDOWS\system32\phcrdbj0e9m5.bmp
2008-06-05 14:33 . 2008-06-06 22:45 52,736 --a------ C:\WINDOWS\system32\blphcrdbj0e9m5.scr
2008-06-01 10:18 . 2008-06-01 10:18 50 --a------ C:\WINDOWS\brmx2001.ini
2008-06-01 10:18 . 2008-06-01 10:18 40 --a------ C:\WINDOWS\opt_2460.ini
2008-05-31 13:43 . 2008-05-31 13:43 <REP> d-------- C:\Cours officiers
2008-05-25 16:50 . 2008-05-25 16:50 37 --a------ C:\WINDOWS\easyprint.INI
2008-05-25 16:38 . 2008-05-25 16:38 <REP> d-------- C:\Program Files\Pixum
2008-05-25 16:33 . 2008-05-25 16:33 <REP> d-------- C:\Program Files\Pixum AG
2008-05-25 16:33 . 2008-05-25 16:33 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Pixum
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-14 22:29 . 2008-06-06 22:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 22:29 . 2008-05-14 22:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 09:58 . 2008-05-10 09:58 <REP> d-------- C:\Program Files\iTunes
2008-05-10 09:58 . 2008-05-10 09:58 <REP> d-------- C:\Program Files\iPod
2008-05-10 09:57 . 2008-05-10 09:57 <REP> d-------- C:\Program Files\QuickTime
2008-05-10 09:57 . 2008-05-10 09:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 09:56 . 2008-05-10 09:56 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-05-10 09:52 . 2008-05-10 09:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-10 09:52 . 2008-05-10 09:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 15:20 --------- d-----w C:\Program Files\MSECache
2008-04-29 19:34 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-29 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{189A78B1-CEB8-45FD-9C12-4B9C8A965A58}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{667FE4D5-64C4-40D6-B06F-4425639558F7}]
C:\WINDOWS\system32\vtUomkjg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98F9297B-5B9B-4C3A-9E60-7F6D35080085}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26 118784]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47 225280]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-06-14 17:33 185896]
"CmUsbSound"="cmcnfgu.cpl" []
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30 864256]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"lphcrdbj0e9m5"="C:\WINDOWS\system32\lphcrdbj0e9m5.exe" [2008-06-05 14:33 92160]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 18:57 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"adgpfoxs"= {D55755A1-0EBF-4980-9FC1-B390431BED71} - C:\WINDOWS\adgpfoxs.dll [ ]
"erpobmsw"= {A554A3C4-CEDB-4416-9088-1133C7DD80CD} - C:\WINDOWS\erpobmsw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbi75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfm67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfm86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingn18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingn53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winiq75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjq17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winry63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuc12.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxe64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxf75.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 Winfm86;Winfm86;C:\WINDOWS\system32\Drivers\Winfm86.sys []
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-03-30 20:11]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 17:50]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00]
S0 Wingn18;Wingn18;C:\WINDOWS\system32\Drivers\Wingn18.sys []
S0 Winjq17;Winjq17;C:\WINDOWS\system32\Drivers\Winjq17.sys []
S0 Winuc12;Winuc12;C:\WINDOWS\system32\Drivers\Winuc12.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2005-08-25 20:10]
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 07:07]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2005-05-27 09:45]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-07-20 14:26]
S3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-02 15:29]
S3 Winbi75;Winbi75;C:\WINDOWS\System32\drivers\Winbi75.sys [2004-08-10 20:00]
S3 Winel20;Winel20;C:\WINDOWS\System32\drivers\Winel20.sys [2004-08-10 20:00]
S3 Winfm67;Winfm67;C:\WINDOWS\System32\drivers\Winfm67.sys [2004-08-10 20:00]
S3 Wingn53;Wingn53;C:\WINDOWS\System32\drivers\Wingn53.sys [2004-08-10 20:00]
S3 Winiq75;Winiq75;C:\WINDOWS\System32\drivers\Winiq75.sys [2004-08-10 20:00]
S3 Winqx31;Winqx31;C:\WINDOWS\System32\drivers\Winqx31.sys [2004-08-10 20:00]
S3 Winry63;Winry63;C:\WINDOWS\System32\drivers\Winry63.sys [2004-08-10 20:00]
S3 Winsa75;Winsa75;C:\WINDOWS\System32\drivers\Winsa75.sys [2004-08-10 20:00]
S3 Winxe64;Winxe64;C:\WINDOWS\System32\drivers\Winxe64.sys [2004-08-10 20:00]
S3 Winxf75;Winxf75;C:\WINDOWS\System32\drivers\Winxf75.sys [2004-08-10 20:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3854e9cf-05d7-11dc-b883-001636867034}]
\Shell\AutoRun\command - F:\load.exe /CDROM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1e90da-c27f-11dc-b8eb-001636867034}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1e90db-c27f-11dc-b8eb-001636867034}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-28 20:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 23:01:45 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-06 23:02:25 ComboFix-quarantined-files.txt 2008-06-06 21:02:20 ComboFix2.txt 2008-06-06 20:51:46 Pre-Run: 41,208,283,136 octets libres Post-Run: 41,197,895,680 octets libres 243 --- E O F --- 2008-05-29 07:05:06
-
I can't find Resident TeaTimer
-
It gives me an error message, you cannot rename combofix as combofix(1) i
-
Hello, I have critters eating up my screen and slowing down my PC. In safe mode it works. Avast tells me I have trojan horses and viruses, but when I select delete, it comes back with another one. I ran a HijackThis scan; here is the report. Thanks in advance for the help. OlivierL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:43, on 6/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
F:\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.fr.acer.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {189A78B1-CEB8-45FD-9C12-4B9C8A965A58} - C:\WINDOWS\system32\mlJAsTkk.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {667FE4D5-64C4-40D6-B06F-4425639558F7} - C:\WINDOWS\system32\vtUomkjg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcrdbj0e9m5] C:\WINDOWS\system32\lphcrdbj0e9m5.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\hfjkvlod.dll",b
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.pennel.fr/postauthI/epi.cab
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - http://www.pixum.de/int/EasyUpload/ImgUploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB48AC91-292B-43C5-AA38-A669DE91C598}: NameServer = 212.166.2.10,212.166.3.106
O20 - Winlogon Notify: mlJAsTkk - C:\WINDOWS\SYSTEM32\mlJAsTkk.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: adgpfoxs - {D55755A1-0EBF-4980-9FC1-B390431BED71} - C:\WINDOWS\adgpfoxs.dll
O21 - SSODL: erpobmsw - {A554A3C4-CEDB-4416-9088-1133C7DD80CD} - C:\WINDOWS\erpobmsw.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12054 bytes