
hmmank

Members
  • Content count: 8
Everything posted by hmmank

  1. No, everything is correct. What should I do next?
  2. Thanks, I saw it. I have already disabled and enabled System Restore.
  3. Thanks, I ran ATF Cleaner, but I do not see the System Restore tab ("select Turn off System Restore") in Properties.
  4. So, here is the scan result for the first step. Next, here is the ComboFix log file with CFScript.
  5. Should I disable my antivirus again during the ComboFix scan?
  6. No, I have never installed or uninstalled an emulator such as Daemon_Tools.
  7. Thanks, I have already run ComboFix, and here is my log report.
  8. Hello gentlemen, I would like you to guide me in solving my problem; here is my log report. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:33, on 16/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CIMCO\DNCMax5\DNCMax5.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\CIMCO\NCBase5\bin\cimcodb-nt.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\hgfdge4unjdfdg.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hgfdge4unjdfdg.dll
O2 - BHO: (no name) - {f5c93451-2609-4723-a053-5c19516be1a8} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi_Media - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: torrent_search - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtor1.dll
O3 - Toolbar: (no name) - {3526DA77-E31E-43DD-94E3-16170C0AF42F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [sSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Xjuhadumokaba] rundll32.exe "C:\WINDOWS\Eqodevax.dll",e
O4 - HKLM\..\Run: [Mvelidalosa] rundll32.exe "C:\WINDOWS\iloxitok.dll",e
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164043653343
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hgfdge4unjdfdg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CIMCO DNC-Max (CIMCODNCMAX) - CIMCO Integration - C:\CIMCO\DNCMax5\DNCMax5.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: CIMCO NC-Base Server (MySql) - Unknown owner - C:\CIMCO\NCBase5\bin\cimcodb-nt.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe (file missing)
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

-- End of file - 9995 bytes