got-to-be

Le scan est terminé. Petit "soucis" : je me suis mis en mode sans échec, j'ai vérifié qu'Avast ne tournait pas, mais ComboFix m'a assuré le contraire. Pour d'avantage de sûreté je l'ai carrément désinstallé et débranché le RJ45. Impossible à ce stade de redémarrer le PC donc j'ai laissé comme ca. Un fois CbFx terminé j'ai voulu installer Microsoft Security Essentials. Impossible pour le moment, même après redémarrage de la machine. Bref a voir après. Voici le log : ComboFix 10-03-07.05 - Administrateur 08/03/2010 16:22:43.2.1 - x86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.895.711 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur.BESTWAY-BONNE\Bureau\CCM.exe Commutateurs utilisés :: c:\documents and settings\Administrateur.BESTWAY-BONNE\Bureau\CFScript.txt FILE :: "c:\documents and settings\Roger\Application Data\rbuwzv.dat" "c:\documents and settings\Roger\Menu D‚marrer\Programmes\D‚marrage\" "c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Roger\Application Data\rbuwzv.dat c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat . --------------- FCopy --------------- c:\windows\ServicePackFiles\i386\netman.dll --> c:\windows\system32\netman.dll c:\windows\ServicePackFiles\i386\spoolsv.exe --> c:\windows\system32\spoolsv.exe c:\windows\ServicePackFiles\i386\linkinfo.dll --> c:\windows\system32\linkinfo.dll c:\windows\ServicePackFiles\i386\tapisrv.dll --> c:\windows\system32\tapisrv.dll c:\windows\ServicePackFiles\i386\user32.dll --> c:\windows\system32\user32.dll c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe c:\windows\ServicePackFiles\i386\shsvcs.dll --> c:\windows\system32\shsvcs.dll c:\windows\ServicePackFiles\i386\upnphost.dll --> c:\windows\system32\upnphost.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-08 au 2010-03-08 )))))))))))))))))))))))))))))))))))) . 2010-03-08 12:58 . 2010-03-08 12:58 -------- d-----w- c:\documents and settings\Roger\Application Data\Malwarebytes 2010-03-08 08:19 . 2010-03-08 08:19 -------- d-----w- c:\documents and settings\Administrateur.BESTWAY-BONNE\Application Data\Malwarebytes 2010-03-08 08:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-08 08:18 . 2010-03-08 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-08 08:18 . 2010-03-08 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-08 08:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-07 02:30 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-05 09:34 . 2010-03-05 09:34 -------- d-----w- c:\windows\l2schemas 2010-03-05 09:34 . 2010-03-05 09:34 -------- d-----w- c:\windows\system32\fr 2010-03-05 09:34 . 2010-03-05 09:34 -------- d-----w- c:\windows\system32\bits 2010-03-05 08:39 . 2010-03-05 08:39 -------- d-----w- c:\windows\EHome 2010-03-04 17:44 . 2010-03-04 17:47 -------- d-----w- c:\program files\OpenOffice.org 3 2010-03-04 17:23 . 2010-03-04 17:23 -------- d-----w- c:\program files\Auslogics 2010-03-04 16:41 . 2010-03-04 17:27 -------- d-----w- c:\documents and settings\Roger\Application Data\Auslogics 2010-02-28 22:46 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-28 22:46 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-02-28 22:46 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-02-26 07:41 . 2010-02-26 07:41 -------- d-----w- c:\documents and settings\Roger\Local Settings\Application Data\Temp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-08 15:36 . 2006-04-19 07:42 -------- d-----w- c:\program files\Wanadoo 2010-03-08 07:57 . 2006-04-19 07:11 434688 ----a-w- c:\documents and settings\Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-05 16:50 . 2004-08-05 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-05 16:50 . 2004-08-05 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-05 09:48 . 2006-04-13 08:40 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-03-04 17:27 . 2006-04-13 09:48 -------- d-----w- c:\program files\OpenOffice.org 2.0 2010-03-04 16:51 . 2006-04-19 07:11 -------- d-----w- c:\documents and settings\Roger\Application Data\OpenOffice.org2 2010-03-04 16:34 . 2008-03-26 08:58 -------- d-----w- c:\program files\CCleaner 2010-03-04 16:24 . 2008-03-26 08:57 -------- d-----w- c:\program files\AusLogics Disk Defrag 2010-01-28 05:36 . 2006-04-13 12:34 -------- d-----w- c:\program files\Google 2010-01-24 19:15 . 2010-01-24 19:15 -------- d-----w- c:\documents and settings\Roger\Application Data\GARMIN 2010-01-24 01:07 . 2006-06-05 20:55 -------- d-----w- c:\program files\eoRezo 2010-01-24 01:07 . 2006-06-05 20:55 -------- d-----w- c:\documents and settings\Roger\Application Data\EoRezo 2010-01-21 10:24 . 2008-12-17 13:40 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-05 09:56 . 2004-08-05 12:00 832512 ------w- c:\windows\system32\wininet.dll 2010-01-05 09:56 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 09:56 . 2004-08-05 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-05 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-17 07:41 . 2006-04-13 08:36 347648 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:09 . 2004-08-05 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-09 10:09 . 2004-08-04 00:48 2068096 ------w- c:\windows\system32\ntkrnlpa.exe 2009-12-09 10:09 . 2004-08-05 12:00 2191232 ------w- c:\windows\system32\ntoskrnl.exe 2006-11-15 10:17 . 2006-04-19 15:42 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-08 57344] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\Roger\Menu D‚marrer\Programmes\D‚marrage\ winesm32.exe [2004-8-5 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk backup=c:\windows\pss\Pense-bête.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-09-08 23:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2005-08-12 11:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] 2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-03-25 20:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-03-13 08:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-07-30 08:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] 2005-07-11 08:44 482816 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2005-01-19 09:05 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor] 2005-11-29 17:19 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2005-12-14 16:06 577536 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 01:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2006-02-10 14:27 1420560 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\lphant\\eLePhantClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= S1 aswSP;avast! Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 06:36 135664] S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7145 v1.50\HwIOctl.sys --> c:\program files\Setup Files\MS-7145 v1.50\HwIOctl.sys [?] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040] S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [10/02/2006 15:27 45840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57] 2010-03-07 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job - c:\program files\AusLogics Disk Defrag\cdefrag.exe [2010-03-04 13:13] 2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 05:36] 2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 05:36] 2010-03-08 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 14:27] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uStart Page = hxxp://orange.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab FF - ProfilePath - c:\documents and settings\Administrateur.BESTWAY-BONNE\Application Data\Mozilla\Firefox\Profiles\y1adsv8u.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-08 16:36 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\System32\FTRTSVC.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wdfmgr.exe c:\program files\Inventel\Gateway\wlancfg.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\progra~1\Wanadoo\TaskBarIcon.exe c:\program files\Logitech\Video\FxSvr2.exe . ************************************************************************** . Heure de fin: 2010-03-08 16:40:06 - La machine a redémarré ComboFix-quarantined-files.txt 2010-03-08 15:40 ComboFix2.txt 2010-03-08 14:13 Avant-CF: 51 501 834 240 octets libres Après-CF: 51 448 074 240 octets libres - - End Of File - - D801DB929B8E85658EDB074239274999 Merci de votre aide

Bon j'ai fais comme demandé Lancer ComboFix Glisser le .txt dessus J'ai l'impression qu'il fait le même scan que précédemment; Normal ? Quoi qu'il en soit je laisse faire et je poste le rapport dès que possible.

ok, je vais faire ca tout de suite. Je vous donne des nouvelles dès que possible. merci

Bonjour Actuellement technicien info (de niveau BACP) je viens de tomber en face de SECURITY TOOL sur un pc client. J'ai cherché un peu sur internet et j'ai trouvé ce tutoriel plutôt sérieux. http://www.commentcamarche.net/faq/24055-security-tool J'ai suivit aussi le tutoriel COMBO FIX afin d'éxécuter la procédure correctement. Je suis donc en possession du log... et je cherche quelqu'un susceptible de m'aider à rendre à ce client son PC en état de marche. ci-dessous : le log ComboFix 10-03-07.05 - Roger 08/03/2010 14:37:45.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.895.535 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur.BESTWAY-BONNE\Bureau\CCM.exe AV: avast! antivirus 4.8.1351 [VPS 100307-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-583907252-1788223648-839522115-1003 c:\windows\system32\_004421_.tmp.dll c:\windows\system32\_004422_.tmp.dll c:\windows\system32\_004423_.tmp.dll c:\windows\system32\_004424_.tmp.dll c:\windows\system32\_004431_.tmp.dll c:\windows\system32\_004432_.tmp.dll c:\windows\system32\_004433_.tmp.dll c:\windows\system32\_004434_.tmp.dll c:\windows\system32\_004436_.tmp.dll c:\windows\system32\_004437_.tmp.dll c:\windows\system32\_004440_.tmp.dll c:\windows\system32\_004441_.tmp.dll c:\windows\system32\_004443_.tmp.dll c:\windows\system32\_004444_.tmp.dll c:\windows\system32\_004445_.tmp.dll c:\windows\system32\_004447_.tmp.dll c:\windows\system32\_004450_.tmp.dll c:\windows\system32\_004451_.tmp.dll c:\windows\system32\_004455_.tmp.dll c:\windows\system32\_004456_.tmp.dll c:\windows\system32\_004458_.tmp.dll c:\windows\system32\_004461_.tmp.dll c:\windows\system32\_004463_.tmp.dll c:\windows\system32\_004464_.tmp.dll c:\windows\system32\_004465_.tmp.dll c:\windows\system32\_004466_.tmp.dll c:\windows\system32\_004467_.tmp.dll c:\windows\system32\_004470_.tmp.dll c:\windows\system32\_004471_.tmp.dll c:\windows\system32\_004472_.tmp.dll c:\windows\system32\_004473_.tmp.dll c:\windows\system32\_004474_.tmp.dll c:\windows\system32\_004479_.tmp.dll c:\windows\system32\_004481_.tmp.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-08 au 2010-03-08 )))))))))))))))))))))))))))))))))))) . 2010-03-08 12:58 . 2010-03-08 12:58 -------- d-----w- c:\documents and settings\Roger\Application Data\Malwarebytes 2010-03-08 08:19 . 2010-03-08 08:19 -------- d-----w- c:\documents and settings\Administrateur.BESTWAY-BONNE\Application Data\Malwarebytes 2010-03-08 08:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-08 08:18 . 2010-03-08 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-08 08:18 . 2010-03-08 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-08 08:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-07 02:30 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-05 09:34 . 2010-03-05 09:34 -------- d-----w- c:\windows\l2schemas 2010-03-05 09:34 . 2010-03-05 09:34 -------- d-----w- c:\windows\system32\fr 2010-03-05 09:34 . 2010-03-05 09:34 -------- d-----w- c:\windows\system32\bits 2010-03-05 08:39 . 2010-03-05 08:39 -------- d-----w- c:\windows\EHome 2010-03-04 17:44 . 2010-03-04 17:47 -------- d-----w- c:\program files\OpenOffice.org 3 2010-03-04 17:23 . 2010-03-04 17:23 -------- d-----w- c:\program files\Auslogics 2010-03-04 16:41 . 2010-03-04 17:27 -------- d-----w- c:\documents and settings\Roger\Application Data\Auslogics 2010-02-28 22:46 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-28 22:46 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-02-28 22:46 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys 2010-02-26 07:41 . 2010-02-26 07:41 -------- d-----w- c:\documents and settings\Roger\Local Settings\Application Data\Temp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-08 13:16 . 2006-04-19 07:42 -------- d-----w- c:\program files\Wanadoo 2010-03-08 07:57 . 2006-04-19 07:11 434688 ----a-w- c:\documents and settings\Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-07 02:27 . 2010-03-05 16:48 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat 2010-03-05 16:50 . 2004-08-05 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-05 16:50 . 2004-08-05 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-05 09:48 . 2006-04-13 08:40 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-03-04 17:27 . 2006-04-13 09:48 -------- d-----w- c:\program files\OpenOffice.org 2.0 2010-03-04 16:51 . 2006-04-19 07:11 -------- d-----w- c:\documents and settings\Roger\Application Data\OpenOffice.org2 2010-03-04 16:34 . 2008-03-26 08:58 -------- d-----w- c:\program files\CCleaner 2010-03-04 16:24 . 2008-03-26 08:57 -------- d-----w- c:\program files\AusLogics Disk Defrag 2010-02-28 22:31 . 2010-02-28 22:31 16 ----a-w- c:\documents and settings\Roger\Application Data\rbuwzv.dat 2010-01-28 05:36 . 2006-04-13 12:34 -------- d-----w- c:\program files\Google 2010-01-24 19:15 . 2010-01-24 19:15 -------- d-----w- c:\documents and settings\Roger\Application Data\GARMIN 2010-01-24 01:07 . 2006-06-05 20:55 -------- d-----w- c:\program files\eoRezo 2010-01-24 01:07 . 2006-06-05 20:55 -------- d-----w- c:\documents and settings\Roger\Application Data\EoRezo 2010-01-21 10:24 . 2008-12-17 13:40 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-05 09:56 . 2004-08-05 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 09:56 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 09:56 . 2004-08-05 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-05 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-17 07:41 . 2006-04-13 08:36 347648 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:09 . 2004-08-05 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-09 10:09 . 2004-08-04 00:48 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-09 10:09 . 2004-08-05 12:00 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe 2006-11-15 10:17 . 2006-04-19 15:42 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe 2007-12-23 14:09 . 2006-04-13 12:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-12-23 14:09 . 2006-04-13 12:16 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-12-23 14:09 . 2006-04-13 12:16 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ------- Sigcheck ------- [7] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [7] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netman.dll [-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll [-] 2005-08-22 . 31748843AD5811351B115CC52CEA8D77 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [7] 2004-08-05 . 624CF700BBFD8BE4097AAA146E6BD363 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe [7] 2004-08-05 . B4EF928E4FAD79364A80ACBA6D999934 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [7] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [7] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\linkinfo.dll [-] 2005-09-01 . D9BD4CCA0533401B6609E47FF74F40DC . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2005-09-01 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll [7] 2004-08-05 . 9D21BC0235494F2B403026A1D3619E00 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [7] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [7] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tapisrv.dll [-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll [7] 2004-08-05 . 2490CAE37DB8B6EC55E7A9415473D0AB . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\user32.dll [-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll [-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [7] 2004-08-05 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\explorer.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [7] 2004-08-05 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [7] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [7] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\shsvcs.dll [-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll [-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [7] 2004-08-05 . B590E69A45AE8FCBF7DDADE89CCE3588 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [7] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [7] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\upnphost.dll [-] 2007-02-05 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll [-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll [7] 2004-08-05 . 168AE9938F6BE31D198AF92496CCFA33 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-08 57344] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\Roger\Menu D‚marrer\Programmes\D‚marrage\ winesm32.exe [2004-8-5 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk backup=c:\windows\pss\Pense-bête.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-09-08 23:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2005-08-12 11:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] 2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-03-25 20:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-03-13 08:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-07-30 08:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] 2005-07-11 08:44 482816 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2005-01-19 09:05 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor] 2005-11-29 17:19 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2005-12-14 16:06 577536 ----a-w- c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-03-14 01:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2006-02-10 14:27 1420560 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\lphant\\eLePhantClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/03/2009 08:08 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2009 08:08 20560] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/01/2010 06:36 135664] S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7145 v1.50\HwIOctl.sys --> c:\program files\Setup Files\MS-7145 v1.50\HwIOctl.sys [?] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040] S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [10/02/2006 15:27 45840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2010-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57] 2010-03-07 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job - c:\program files\AusLogics Disk Defrag\cdefrag.exe [2010-03-04 13:13] 2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 05:36] 2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 05:36] 2010-03-08 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 14:27] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uStart Page = hxxp://orange.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab FF - ProfilePath - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\y1adsv8u.default\ FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-31353419 - c:\docume~1\ALLUSE~1\APPLIC~1\31353419\31353419.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-08 15:05 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(628) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2010-03-08 15:13:19 ComboFix-quarantined-files.txt 2010-03-08 14:12 Avant-CF: 51 284 303 872 octets libres Après-CF: 51 117 064 192 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - F177C6A432014B41AD0A6DB16DDA5C35 Merci de votre aide