

apprenti69
Members
Content count: 8
Joined: -
Last visited: -
Other information
My languages: fr,ang
apprenti69's Achievements
Junior Member (3/12)
Community reputation: 0
Viruses and other pests
apprenti69 replied to a topic by apprenti69 in Malware analysis and eradication
Hello, I wanted to thank you for your help. What you do is really great!!
Viruses and other pests
apprenti69 replied to a topic by apprenti69 in Malware analysis and eradication
Hello, sorry for the delay. Here is the MBAM report, again with one infected file.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4058
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/05/2010 12:10:30
mbam-log-2010-05-05 (12-10-30).txt

Type d'examen: Examen complet (C:\|D:\|Q:\|)
Elément(s) analysé(s): 240875
Temps écoulé: 44 minute(s), 50 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP857\A0096679.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Regards.
Viruses and other pests
apprenti69 replied to a topic by apprenti69 in Malware analysis and eradication
Hello, I'm re-running MBAM and will repost the log, OK. No, there is no floppy disk drive. It seems almost impossible to find one in the big retail chains. As soon as I have the report I'll post it. Probably this evening around 19:30. Regards and thanks again. PS: what is a "floppy"?
Viruses and other pests
apprenti69 replied to a topic by apprenti69 in Malware analysis and eradication
Hello, have a good Sunday everyone. So, carrying on, here is the MBAM report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4058
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/05/2010 14:14:48
mbam-log-2010-05-02 (14-14-48).txt

Type d'examen: Examen complet (C:\|D:\|Q:\|)
Elément(s) analysé(s): 240793
Temps écoulé: 40 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\fdc.sys (Rootkit.Agent) -> Delete on reboot.

There you go; I then rebooted. Regards
Viruses and other pests
apprenti69 replied to a topic by apprenti69 in Malware analysis and eradication
Hello again, here is the second one. Just one thing: when it asked me to reboot after the cleaning, which I did, I got a virus detection at startup. But anyway, I'll let you guide me through to the end and then I'll bother you with my questions later. Thanks.

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 30/04/10 à 18:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:27:09 le 01/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: NOM-FB9B15D2723
Utilisateur actuel: jojo
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: *Application Updater*
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\jojo\Application Data\EoRezo
C:\Documents and Settings\jojo\Application Data\pdfforge
C:\Documents and Settings\jojo\Application Data\Search Settings
C:\Documents and Settings\par ici les amis\Application Data\pdfforge
C:\Documents and Settings\par ici les amis\Application Data\Search Settings
C:\Program Files\Application Updater
C:\Program Files\pdfforge Toolbar
C:\Program Files\Viewpoint
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\pdfforge
HKCU\Software\Search Settings
HKCU\Software\WebMediaPlayer
HKLM\Software\Application Updater
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
HKLM\Software\pdfforge
HKLM\Software\Search Settings
HKLM\Software\Viewpoint
HKLM\Software\WebMediaPlayer
HKU\.DEFAULT\Software\pdfforge
HKU\.DEFAULT\Software\Search Settings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.exe
.
(Orpheline) HKLM,Run - regcmdcons - c:\hp\bin\cmdcons.cmd (Fichier manquant)
(Orpheline) BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} (CLSID manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version Impossible d'obtenir la version *
.
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\jojo\\Bureau
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\jojo\\Bureau\\HILDA\\2008
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.startup.homepage: hxxp://y.lo.st
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.8.0.1
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - ¹>~rbrowser.startup.homepage: hxxp://www.durable.com/recherche
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.defaultenginename: Durable
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.selectedEngine: Durable
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.defaulturl: hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - keyword.URL: hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
.
EFFACÉ: C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://y.lo.st");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 6481 Octet(s)
C:\Ad-Report-SCAN[1].txt - 6505 Octet(s)
C:\Ad-Report-SCAN[2].txt - 6547 Octet(s)
.
Fin à: 17:32:05, 01/05/2010
.
============== E.O.F - CLEAN[1] ==============
Viruses and other pests
apprenti69 replied to a topic by apprenti69 in Malware analysis and eradication
Hello, thanks for this help. So I went through the steps, and here is the first report.

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 30/04/10 à 18:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:10:27 le 01/05/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: NOM-FB9B15D2723
Utilisateur actuel: jojo
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
Service: *Application Updater*
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\jojo\Application Data\EoRezo
C:\Documents and Settings\jojo\Application Data\pdfforge
C:\Documents and Settings\jojo\Application Data\Search Settings
C:\Documents and Settings\par ici les amis\Application Data\pdfforge
C:\Documents and Settings\par ici les amis\Application Data\Search Settings
C:\Program Files\Application Updater
C:\Program Files\pdfforge Toolbar
C:\Program Files\Viewpoint
.
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\pdfforge
HKCU\Software\Search Settings
HKCU\Software\WebMediaPlayer
HKLM\Software\Application Updater
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
HKLM\Software\pdfforge
HKLM\Software\Search Settings
HKLM\Software\Viewpoint
HKLM\Software\WebMediaPlayer
HKU\.DEFAULT\Software\pdfforge
HKU\.DEFAULT\Software\Search Settings
HKU\S-1-5-18\Software\pdfforge
HKU\S-1-5-18\Software\Search Settings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.exe
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version Impossible d'obtenir la version *
.
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\jojo\\Bureau
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\jojo\\Bureau\\HILDA\\2008
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.startup.homepage: hxxp://y.lo.st
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.8.0.1
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - ¹>~rbrowser.startup.homepage: hxxp://www.durable.com/recherche
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.defaultenginename: Durable
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.selectedEngine: Durable
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - browser.search.defaulturl: hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - keyword.URL: hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
.
TROUVÉ: C:\Documents and Settings\jojo\..\dobs3yv9.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://y.lo.st");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 6381 Octet(s)
.
Fin à: 17:16:14, 01/05/2010
.
============== E.O.F - SCAN[1] ==============
Hello everyone, I'm in a bind because for the past 1 or 2 weeks I've picked up viruses and maybe something else. I learn fast and I'm resourceful, but this time it's serious. PC problem: viruses detected all the time, machine slow at startup, extremely frequent crashes, especially when I connect to the internet. I followed what was in fakra's post: so I uninstalled Avast, which was no use at all, and installed Antivir; Antivir finds the viruses but they come back under other names, and that doesn't stop the slowdowns and crashes. I also have CCleaner and Spybot. Thanks in advance. HijackThis report:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:18:15, on 30/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fvbho140.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk.disabled
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: LUMIX Simple Viewer.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1256047043671
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.ma-config.com/activex/MaConfig_3_5_0_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/jojo/LOCALS~1/Temp/msoclip1/01/clip_image001.gif

--
End of file - 12813 bytes
Combofix report - Assistance
apprenti69 replied to a topic by bwabwa in Malware analysis and eradication
Hello, I've also been infected, so I'm posting my ComboFix report. Thanks in advance to the people who spend time helping people like me;

ComboFix 10-04-21.01 - jojo 22/04/2010 9:06.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1982.1524 [GMT 2:00]
Lancé depuis: c:\documents and settings\jojo\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jojo\Application Data\avdrn.dat
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\recycler\S-1-5-21-139988012-1965561259-1227256114-1007
c:\windows\pack.epk
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-22 au 2010-04-22 ))))))))))))))))))))))))))))))))))))
.
2010-04-22 07:01 . 2010-04-22 07:15 586240 ----a-w- c:\windows\system32\drivers\hymrcnj.sys
2010-04-22 06:53 . 2010-04-22 07:14 -------- d-----w- c:\windows\LastGood
2010-04-21 12:45 . 2010-04-22 07:05 -------- d-----w- c:\program files\ZHPDiag
2010-04-21 10:12 . 2008-04-13 09:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-21 10:11 . 2008-04-13 09:41 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-21 10:11 . 2008-04-13 09:41 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-12 13:00 . 2010-04-12 13:00 -------- d-----w- c:\documents and settings\par ici les amis\Application Data\OpenOffice.org
2010-04-02 12:24 . 2010-04-02 12:24 -------- d-----w- c:\documents and settings\jojo\.analyse0.6
2010-04-02 08:12 . 2010-04-09 10:21 86016 ----a-w- c:\documents and settings\jojo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\meetingconvertor.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 07:15 . 2004-08-10 11:00 859648 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-04-22 07:12 . 2009-06-18 10:59 -------- d-----w- c:\program files\pdfforge Toolbar
2010-04-21 16:57 . 2009-12-19 22:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2010-04-21 16:56 . 2009-12-19 22:27 -------- d-----w- c:\documents and settings\jojo\Application Data\SoftGrid Client
2010-04-21 16:56 . 2009-09-21 14:40 -------- d-----w- c:\documents and settings\jojo\Application Data\EBookSys
2010-04-21 13:20 . 2009-10-28 09:50 -------- d-----w- c:\program files\CCleaner
2010-04-21 10:06 . 2010-04-21 10:06 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\kcmdte.dat
2010-04-21 06:00 . 2009-03-30 09:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-20 10:39 . 2008-10-23 17:15 1 ----a-w- c:\documents and settings\jojo\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-20 07:51 . 2009-03-30 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-18 11:01 . 2010-01-16 19:57 -------- d-----w- c:\program files\Bonjour
2010-04-18 10:58 . 2009-12-23 14:29 -------- d-----w- c:\program files\DivXxx
2010-04-18 09:25 . 2010-03-05 12:24 443912 ----a-w- c:\documents and settings\jojo\Application Data\Real\Update\setup3.10\setup.exe
2010-04-14 19:51 . 2009-12-19 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-09 10:21 . 2009-11-26 08:24 81920 -c--a-w- c:\documents and settings\jojo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connecthook.dll
2010-04-04 15:03 . 2007-12-19 20:23 70144 -c--a-w- c:\documents and settings\jojo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 11:38 . 2008-09-14 12:19 -------- d-----w- c:\program files\MSECache
2010-04-02 11:34 . 2010-04-02 11:34 0 ----a-w- c:\documents and settings\jojo\Application Data\wklnhst.dat
2010-04-02 08:12 . 2009-09-22 13:42 5064200 ----a-w- c:\documents and settings\jojo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
2010-03-28 08:23 . 2010-02-14 14:20 4832 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-28 08:23 . 2005-10-10 11:39 85970 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 08:23 . 2005-10-10 11:39 513114 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-15 18:08 . 2010-01-05 08:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-10 06:16 . 2004-08-10 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 10:13 . 2009-12-20 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2010-02-25 06:17 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-10 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-10 11:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-10 11:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 18:32 . 2010-02-13 18:32 97280 ------w- c:\documents and settings\jojo\Application Data\pdfforge\apatch.exe
2010-02-12 10:03 . 2010-02-24 12:01 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-10 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 11:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-25 12:50 . 2010-01-25 12:50 68776 ------w- c:\documents and settings\par ici les amis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 12:50 . 2010-01-25 12:50 139 ------w- c:\documents and settings\par ici les amis\Local Settings\Application Data\fusioncache.dat
2009-12-03 21:35 . 2009-12-03 21:35 42103 -c----w- c:\program files\DxDiagnostix controle x ordi attention.txt
2006-11-25 09:33 . 2006-11-25 09:33 278528 -c----w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-12-01 21:07 .
2006-12-01 21:07 22 -csh--w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2010-01-08 02:17 700416 ------w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-12 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ftutil2"="ftutil2.dll" [2004-06-07 106496] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 180269] c:\documents and settings\par ici les amis\Menu D‚marrer\Programmes\D‚marrage\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136] PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136] c:\documents and settings\jojo\Menu D‚marrer\Programmes\D‚marrage\ monxga32.exe [2008-4-14 29696] OpenOffice.org 3.0.lnk.disabled [2008-12-29 875] Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136] PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk.disabled [2009-8-17 809] HP 
Digital Imaging Monitor.lnk.disabled [2009-8-17 1819] LUMIX Simple Viewer.lnk.disabled [2007-2-2 699] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Post-it© Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:b805bad4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" "AlwaysReady Power Message APP"=ARPWRMSG.EXE "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "SearchSettings"=c:\program files\pdfforge Toolbar\SearchSettings.exe "FlipViewer Library"="c:\program files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" /showmode=hide "RTHDCPL"=RTHDCPL.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928] R2 cvhsvc;Client Virtualization Handler;c:\program files\Fichiers communs\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [26/09/2009 08:35 819600] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [23/09/2009 16:04 447832] R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [23/09/2009 16:04 543064] R3 
sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [23/09/2009 16:04 190312] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [23/09/2009 16:05 21864] R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [23/09/2009 16:04 14680] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [23/09/2009 16:04 203608] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/01/2010 22:01 135664] S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 05:28 4639136] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - HYMRCNJ *NewlyCreated* - NWLNKFWD *Deregistered* - Fdc *Deregistered* - hymrcnj . Contenu du dossier 'Tâches planifiées' 2010-04-19 c:\windows\Tasks\dfrg.job - c:\windows\system32\dfrg.msc [2004-08-10 04:00] 2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 20:01] 2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-12 20:01] 2010-04-19 c:\windows\Tasks\Nettoyage de disque.job - c:\windows\system32\cleanmgr.exe [2004-08-10 02:33] 2010-04-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-04-19 13:31] 2010-04-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-04-19 13:31] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Windows &Live Favorites IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: microsoft.com\.www.update . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-PCDrProfiler - (no file) Notify-WgaLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-22 09:15 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hymrcnj] . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-139988012-1965561259-1227256114-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Heure de fin: 2010-04-22 09:17:24 ComboFix-quarantined-files.txt 2010-04-22 07:17 Avant-CF: 124 127 350 784 octets libres Après-CF: 124 511 633 408 octets libres Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=,1,2,3,4,5 - - End Of File - - 7A37DEF560BBA2708EFA87C8A53E8722