Lenteur PC, quels processus supprimer???

dans le gestionnaire de tâche sous l'onglet démarrage, tout PC

les seuls vraiment nécessaire sont seulement ceux qui servent a protéger ton ordinateur , anti-virus,pare-feu, anti-espion. Le reste peut être décoché sans crainte. en fait les décocher ne changent rien a ces programmes qui sont toujours présent sur ton ordi et que tu peux a ta guise utiliser quand tu en a besoins.

Edité par P_A_P_Y le 25/12/2007 à 17:17

J'ai fait le ménage dans msconfig mais ça n'a pas résolu mon problème. Deplus Backweb se réactive à chaque démarrage. Il semble que ce soit un spyware logitech. Comment le neutraliser? Depuis le nettoyage de msconfig, le pc est un peu plus rapide à démarrer mais une fenêtre smart wizzard s'ouvre une dizaine de fois au démarrage et je suis obligé de fermer toutes ces fenêtres manuellement.
Une idée???

Bonsoir loge Bienvenue sur sosordi

Recoche toutes les cases que tu as decoché dans ms config
Fais un redemarrage

>> Télécharge Hijackthis V 2.02

http://www.trendsecure.com/portal/e[...]/HJTInstall.exe

~ Cette procédure doit être effectuée en mode démarrage normal

~ Ferme toutes les fenêtres, Hijackthis doit être exécuter seul

~ Fais un double clic sur HJTInstall.exe afin de lancer l'installation

~ Clique sur Install ensuite sur I Accept

~ Clique sur Do a scan system and save log file

- Notepad s'ouvrira fais un copier (Ctrl + A) de tout son contenu et colle le (Ctrl + V) dans ta prochaine réponse.

- Aide à l'installation: http://cybersecurite.xooit.com/t138[...]kThis-2-0-2.htm (Tutoriel concocté par Bruce Lee)

Bonsoir Rivetpop, excuse moi pour le temp de réponse mais en ce moment, boulot boulot.
J'ai réactivé tous les processus et voici le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:10, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\WINDOWS\System\SmWizard.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CmWatch.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.marvell.com/yukon/support/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MagicSpeed] C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe /autorun
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 11678 bytes

Re

J'ai fait appel a zaede pour qu'il vienne verifier tout cela

Bonsoir loge, on va vérifier ce fichier

1/Autorise l'affichage des fichiers et dossiers cachés de cette façon :

Citation :

*Poste de travail menu Outils - Option des dossiers onglet Affichage *Activer le bouton radio: Afficher les Fichiers et dossiers cachés *Décocher: Masquer les fichiers protégés du système d'exploitation (recommandé) *Décocher: Masquer les extensions dont le type est connu *Cliquer sur Appliquer et Ok pour valider les changements

.


2/

Je te demanderais de faire analyser ce fichier sur l'un des deux (ou les deux) sites ci-dessous

Rends toi sur ce site :

http://www.virustotal.com/

- Clique sur parcourir et cherche ce fichier:

C:\WINDOWS\System\SmWizard.exe

- Clique sur send.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Puis sur ce site ci:

http://virusscan.jotti.org/

- Clique sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier:

C:\WINDOWS\System\SmWizard.exe

- Clic sur submit toujours en haut à droite

- Le scan va se lancer, ça va prendre un petit instant

- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.

Aide : http://www.malekal.com/scan_Av_en_l[...]#mozTocId662799



rivetpop

Bonjour Rivetpop voici les résultats des 2 scans :

Service
Service load: 0% 100%

File: SmWizard.exe
Status: OK
MD5: dbd532c5e27b092c7a43c61eb1422e55
Packers detected: -
Bit9 reports: No threat detected (more info)

Scanner results
Scan taken on 29 Dec 2007 07:49:36 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
--------------------------------------------------------------------------------
Statistics
Last file scanned at least one scanner reported something about: Project1.exe (MD5: 90620cbf141b1a68bebe7da8d095ddad, size: 406528 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Trojan-Downloader.Win32.Banload.BO
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

et le 2ème :

File SmWizard.exe received on 12.29.2007 08:48:13 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.28 -
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.28 -
AVG 7.5.0.516 2007.12.28 -
BitDefender 7.2 2007.12.29 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.28 -
DrWeb 4.44.0.09170 2007.12.29 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5410 2007.12.29 -
Ewido 4.0 2007.12.28 -
FileAdvisor 1 2007.12.29 -
Fortinet 3.14.0.0 2007.12.29 -
F-Prot 4.4.2.54 2007.12.28 -
F-Secure 6.70.13030.0 2007.12.28 -
Ikarus T3.1.1.15 2007.12.29 -
Kaspersky 7.0.0.125 2007.12.29 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.29 -
NOD32v2 2754 2007.12.28 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.28 -
Prevx1 V2 2007.12.29 -
Rising 20.24.51.00 2007.12.29 -
Sophos 4.24.0 2007.12.29 -
Sunbelt 2.2.907.0 2007.12.28 -
Symantec 10 2007.12.29 -
TheHacker 6.2.9.174 2007.12.28 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.28 -
Webwasher-Gateway 6.6.2 2007.12.28 -

Additional information
File size: 1458176 bytes
MD5: dbd532c5e27b092c7a43c61eb1422e55
SHA1: 536e116f7e1c43d58b9cf49466172531d126756f
PEiD: Armadillo v1.71

Si ça peut vous éguillez, je me suis aperçu que le pc se bloque toute les minutes à la seconde près pendant 3 secondes quelques soit le nombre de tâches et programmes en fonctionnement.

Bonjour loge, ça fait penser à un programme qui veut se mettre à jour sur le net

Désinstalle via ajout/suppression de programmes Logitech Desktop Messenger

Puis ceci:



1. Télécharge combofix.exe (par sUBs) ici :

http://download.bleepingcomputer.co[...]Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

sur ton Bureau.

2. Double clique sur combofix.exe puis tape 1 pour lancer le scan.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Le rapport se trouve également ici : C:\Combofix.txt

NOTE: Combofix peut être détecter par certains antivirus.
Ne pas en tenir compte, c'est un faux positif
Cliquer sur ignorer et continuer la procédure

Bonjour Loge
Zaede

Bonjour zaede, voici le log combofix.
Par contre pendant le scan mon antivirus c'est déclencher pour un cheval de troie :
Trojan.win32.inject.ph dans C:/Docum~1/logear~1/locals~1/temp/bjpevoyrMickael.dll et m'a dit impossible de supprimer, objet introuvable.

ComboFix 07-12-21.4 - LOGEARD Mickael 2007-12-29 17:01:40.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.507 [GMT 1:00]
Running from: C:\Documents and Settings\LOGEARD Mickael\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 17:24 . 2007-12-28 17:24 <REP> d-------- C:\Program Files\Trend Micro
2007-12-26 16:26 . 2007-12-26 16:26 <REP> d-------- C:\Program Files\C-Media
2007-12-26 16:13 . 2007-12-26 16:13 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\ATI
2007-12-26 16:13 . 2007-12-26 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-26 16:05 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-26 15:40 . 2007-12-26 15:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-26 13:11 . 2007-12-26 13:11 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-26 13:11 . 2007-12-26 13:11 264 --a------ C:\WINDOWS\system32\LEXSUP.HTM
2007-12-25 13:33 . 2007-12-25 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-23 16:12 . 2007-12-23 16:13 <REP> d-------- C:\regseeker
2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 17:43 . 2007-12-18 17:43 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.57
2007-12-18 17:43 . 2005-07-11 08:28 8,802 -ra------ C:\WINDOWS\AmvTransform.ini
2007-12-18 17:43 . 2005-07-07 02:07 7,763 -ra------ C:\WINDOWS\AmvPlayer.ini
2007-12-18 17:43 . 2005-05-11 04:05 7,207 -ra------ C:\WINDOWS\Disktool.INI
2007-12-18 17:43 . 2005-06-24 04:25 6,565 -ra------ C:\WINDOWS\fwupgrade.ini
2007-12-18 17:43 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2007-12-18 17:26 . 2007-12-18 17:26 73 --a------ C:\WINDOWS\MediaManager.INI
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-06 14:06 . 2007-12-06 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2007-12-05 04:05 . 2007-12-05 04:05 368,640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:48 . 2007-12-05 03:48 9,535,488 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-05 03:48 . 2007-12-05 03:48 6,217,728 --a------ C:\WINDOWS\system32\Atioglgl.dll
2007-12-05 03:33 . 2007-12-05 03:33 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-12-05 03:33 . 2007-12-05 03:33 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-12-05 03:33 . 2007-12-05 03:33 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-12-05 03:19 . 2007-12-05 03:19 385,024 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-12-05 03:16 . 2007-12-05 03:16 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 03:14 . 2007-12-05 03:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-11-30 11:13 . 2001-08-23 17:47 46,080 --a--c--- C:\WINDOWS\system32\dllcache\esunib.dll
2007-11-30 11:13 . 2001-08-23 17:47 46,080 --a--c--- C:\WINDOWS\system32\dllcache\esuni.dll
2007-11-30 11:13 . 2001-08-23 17:47 34,816 --a--c--- C:\WINDOWS\system32\dllcache\esuimg.dll
2007-11-30 11:13 . 2001-08-17 20:12 16,998 --a--c--- C:\WINDOWS\system32\dllcache\ex10.sys
2007-11-30 11:13 . 2001-08-17 20:12 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2007-11-30 11:13 . 2001-08-17 20:11 12,362 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2007-11-30 11:13 . 2001-08-17 20:11 11,850 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2007-11-30 11:13 . 2001-08-17 21:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\exabyte2.sys
2007-11-30 11:11 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-11-30 11:10 . 2001-08-23 17:47 422,429 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2007-11-30 11:09 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-11-30 11:08 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-11-30 11:07 . 2004-08-04 00:54 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2007-11-30 11:06 . 2001-08-17 20:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-11-30 11:05 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 16:06 23,781,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:05 1,052,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 15:55 321,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 15:55 101,612 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 15:43 --------- d-----w C:\Program Files\Winamp
2007-12-29 08:48 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-29 08:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-29 08:00 --------- d-----w C:\Program Files\Lx_cats
2007-12-26 15:26 818,496 ----a-w C:\WINDOWS\system32\drivers\cmuda.sys
2007-12-26 15:26 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll
2007-12-26 15:26 712,704 ----a-w C:\WINDOWS\system32\a3d.dll
2007-12-26 15:26 28,672 ----a-w C:\WINDOWS\system32\cmirmdrv.dll
2007-12-26 15:26 233,472 ----a-w C:\WINDOWS\system32\cmirmdrv.exe
2007-12-26 15:26 151,552 ----a-w C:\WINDOWS\system32\cmuda.dll
2007-12-26 15:06 --------- d-----w C:\Program Files\ATI Technologies
2007-12-23 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-20 18:25 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-19 06:27 --------- d-----w C:\Program Files\Micro Application
2007-12-18 16:30 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Intervideo
2007-12-15 07:18 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 07:18 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-13 22:19 --------- d-----w C:\Program Files\DivX
2007-12-12 21:33 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-30 07:25 684,032 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-26 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-26 15:42 --------- d-----w C:\Program Files\Aspecto Software
2007-11-26 15:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-26 14:58 --------- d-----w C:\Program Files\Vimicro
2007-11-26 14:56 --------- d-----w C:\Program Files\eMPIA
2007-11-22 11:03 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-11-21 18:50 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Leadertech
2007-11-17 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-11-13 12:12 --------- d-----w C:\Program Files\Windows Live
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:24 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Windows Live Writer
2007-11-13 08:07 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 08:03 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 21:29 --------- d-----w C:\Program Files\Prassi PrimoCD Plus 2.0 (French)
2007-11-04 08:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-03 09:08 5,070 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-02 18:39 7,680 --sha-w C:\Program Files\Thumbs.db
2007-11-01 19:42 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\PC Tools
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-29 21:53 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\CyberLink
2007-10-29 18:36 --------- d-----w C:\Program Files\Macrogaming
2007-10-28 14:55 --------- d-----w C:\Program Files\compodif
2007-10-28 14:51 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-28 14:51 253,952 ------w C:\WINDOWS\Setup1.exe
2007-10-28 14:11 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Winamp
2007-10-28 10:29 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\DivX
2007-10-27 16:51 977,375 ------w C:\Program Files\realplay.chm
2007-10-27 16:51 73,439 ------w C:\Program Files\howto.chm
2007-10-27 16:51 719,360 ------w C:\Program Files\dbghelp.dll
2007-10-27 16:51 667,648 ------w C:\Program Files\rjbres.dll
2007-10-27 16:51 656,503 ------w C:\Program Files\normal.vs
2007-10-27 16:51 61,495 ------w C:\Program Files\ssimages.vs
2007-10-27 16:51 61,440 ------w C:\Program Files\rjwmapln.dll
2007-10-27 16:51 61,208 ------w C:\Program Files\RealNetworks License.html
2007-10-27 16:51 61,208 ------w C:\Program Files\playrlic.html
2007-10-27 16:51 58,943 ------w C:\Program Files\RealNetworks License.txt
2007-10-27 16:51 58,943 ------w C:\Program Files\playrlic.txt
2007-10-27 16:51 57,344 ------w C:\Program Files\tpasdk.dll
2007-10-27 16:51 568 ------w C:\Program Files\fpsectbl
2007-10-27 16:51 54,600 ------w C:\Program Files\rpshellsearch.dll
2007-10-27 16:51 53,098 ------w C:\Program Files\presets.rnx
2007-10-27 16:51 49,152 ------w C:\Program Files\mmcdda32.dll
2007-10-27 16:51 49,152 ------w C:\Program Files\ierjplug.dll
2007-10-27 16:51 480 ------w C:\Program Files\keys.dat
2007-10-27 16:51 45,056 ------w C:\Program Files\rpau3260.dll
2007-10-27 16:51 339,968 ------w C:\Program Files\dtdr3260.dll
2007-10-27 16:51 335,872 ------w C:\Program Files\rjdlg.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\tnetdtct.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\rpwa3260.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\rjprog.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Internet Eraser"="C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2007-03-09 18:30]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-02-05 09:07]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-02-05 09:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 21:03]
"WinDVR SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-01-24 05:37]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-24 04:51]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-27 17:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 20:29]
"MagicSpeed"="C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" [2004-01-12 09:13]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 15:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-01-24 05:37]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-04-17 22:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 12:29]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 18:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2001-10-19 00:02]
"CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 20:10]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 06:38 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 22:52]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 11:40]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 17:05:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 17:07:54
.
2007-12-12 08:11:41 --- E O F ---

J'ai aussis virer logiteck desktop messenger mais le blocage du pc toute les minutes continu.

Une nouveauté, j'avais scanné mon pc hier avec spyware doctor et je viens de le refaire.
Hier rien et aujourd'hui :
-Tracking cookies xiti.com/xiti.com

-Trojan.PWS.transpy Hkeys_local_machine\software\microsoft\windows\current\version\controlP...\load

-Trojan.generic Hkeys_users\S-5-21-796845957-630328440-839522115-1004\software\Wget

Re, voici la suite:


1/ Ouvre le Bloc-notes ( Menu Démarrer\Tous les programmes\Accessoires\Bloc-notes)

2/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

Citation :

Folder:: C:\Documents and Settings\All Users\Application Data\SecTaskMan

- Enregistre ce fichier dans: Bureau

- Nom du fichier : CFScript

- Type du fichier : tous les fichiers

- Clique sur Enregistrer

- Quitte le Bloc Notes

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

http://img.photobucket.com/albums/v[...]Bs/CFScript.gif

- Une fenêtre bleue va apparaître: au message suivant:

Type 1 to continue, or 2 to abort tape 1 puis valide.

- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises, c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

- Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ ComboFix.txt

- Poste un nouveau log hijackthis

Bonjour, pendant le scan combofix, mon antivirus kaspersky c'est déclenché 3 fois pour :

Trojan.win32.inject.ph dans C:/Docum~1/logear~1/locals~1/temp/bjpevoyrMickael.dll

avec 2 options ( ignorer et supprimer )
si je clique sur supprimer, la même fenêtre réapparait avec seulement l'option ignorer.

Voici le log combofix :

ComboFix 07-12-21.4 - LOGEARD Mickael 2007-12-30 11:28:27.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.564 [GMT 1:00]
Running from: C:\Documents and Settings\LOGEARD Mickael\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\LOGEARD Mickael\Bureau\cfscript.txt
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\BackWeb-8876480.exe.q_34924000_q
C:\Documents and Settings\All Users\Application Data\SecTaskMan\BackWeb-8876480.exe.q_34924000_q.ini
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00006FCA9B229EC4896DC2FC53B9CA70
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00006FCA9B229EC4896DC2FC53B9CA70.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_05CA691F59C71E249974DBBA81FBC3C8
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_05CA691F59C71E249974DBBA81FBC3C8.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B080C3E5F32FA94988FE8D8CB986E95
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B080C3E5F32FA94988FE8D8CB986E95.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_12341
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_12345
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_17400AB28230347339DBAF1833357A38
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_17400AB28230347339DBAF1833357A38.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_178535099B1899D4A8317AEE792F7DEF
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_178535099B1899D4A8317AEE792F7DEF.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1F3B805BA42A0C233B0158879691FE82
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_1F3B805BA42A0C233B0158879691FE82.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_22DD1096A725FE1409958EF1DE9E4E49
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_22DD1096A725FE1409958EF1DE9E4E49.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_243493A986A4ABE4586A555B954F7E00
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_243493A986A4ABE4586A555B954F7E00.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_271A48771F16E54438860661700EDD22
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_271A48771F16E54438860661700EDD22.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_29FE602138E29584CABC02843CBCD76A
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_29FE602138E29584CABC02843CBCD76A.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_32F08EBE021D5F141814E55F638CDBA7
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_32F08EBE021D5F141814E55F638CDBA7.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_382244D9DA8894F4588681ECE6AA51FA
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_382244D9DA8894F4588681ECE6AA51FA.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_3AAE86E4A57724540AA874BDE8E8476A
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_3AAE86E4A57724540AA874BDE8E8476A.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4301AEBD288588A40833184CFEC0AF92
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4301AEBD288588A40833184CFEC0AF92.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_44483C3ECADB2E04C9849F648B8D2EEA
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_44483C3ECADB2E04C9849F648B8D2EEA.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_445E44DF0D7EABD4F90AA81E1A033009
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_445E44DF0D7EABD4F90AA81E1A033009.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4476FDAB78736F848B9CC4945904D156
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4476FDAB78736F848B9CC4945904D156.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4A7BEBF5F732A02478EE94BBA52072DE
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4A7BEBF5F732A02478EE94BBA52072DE.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4C7B834C8F4B5C944AFDFFF6F1427287
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4C7B834C8F4B5C944AFDFFF6F1427287.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_508A456A9D147C04AA64A40FF440D416
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_508A456A9D147C04AA64A40FF440D416.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A36D6F32DB3F649B3A784F24244318
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A36D6F32DB3F649B3A784F24244318.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_62287FAB00234BD4EB33D429A2978904
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_62287FAB00234BD4EB33D429A2978904.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_643483E6C1DC00A48958CBE8A605CE5B
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_643483E6C1DC00A48958CBE8A605CE5B.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA746454382080000000030
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA746454382080000000030.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA76301B7448A0100000030
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA76301B7448A0100000030.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_694456D3D3C9565458C8E355E1DC4A2E
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_694456D3D3C9565458C8E355E1DC4A2E.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7BD25099295922545A854571BBDA84EE
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7BD25099295922545A854571BBDA84EE.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B024059C2814AE9458A06A2ABA0FC6B6
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B024059C2814AE9458A06A2ABA0FC6B6.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B38F40E19BA21034E97F8E36707FC927
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B38F40E19BA21034E97F8E36707FC927.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B7838C8CB89A8E4408A7A1B9F715FFAD
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_B7838C8CB89A8E4408A7A1B9F715FFAD.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C040820900063D11C8EF00054038389C
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C040820900063D11C8EF00054038389C.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_c049C053C7D38EE4AB9A00CB3B5D2472
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_c049C053C7D38EE4AB9A00CB3B5D2472.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C141C48B31A9EB44A99603D1B7118D63
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C141C48B31A9EB44A99603D1B7118D63.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D014477C9FE37ED4CA1033623161E3FC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D014477C9FE37ED4CA1033623161E3FC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D95C861BFCF5CEE44B46FB7A8A621605
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D95C861BFCF5CEE44B46FB7A8A621605.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DA79C8A0DEED49844B64A3AB597AD7D0
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DA79C8A0DEED49844B64A3AB597AD7D0.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DDE7F2BCF1D91C3409CFF425AE1E271A.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DF5E4AFA07DE29D4990D61F25DD69C68
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DF5E4AFA07DE29D4990D61F25DD69C68.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_F2507A5F4FA2ABC49815629B4167DBBA
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_F2507A5F4FA2ABC49815629B4167DBBA.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_F8C0C4671B1BFB94EACDE4848E756A76
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_F8C0C4671B1BFB94EACDE4848E756A76.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_FA2589B80B0B7B74B95C989AD5776B9C
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_FA2589B80B0B7B74B95C989AD5776B9C.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 17:24 . 2007-12-28 17:24 <REP> d-------- C:\Program Files\Trend Micro
2007-12-26 16:26 . 2007-12-26 16:26 <REP> d-------- C:\Program Files\C-Media
2007-12-26 16:13 . 2007-12-26 16:13 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\ATI
2007-12-26 16:13 . 2007-12-26 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-26 16:05 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-26 15:40 . 2007-12-26 15:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-26 13:11 . 2007-12-26 13:11 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-26 13:11 . 2007-12-26 13:11 264 --a------ C:\WINDOWS\system32\LEXSUP.HTM
2007-12-23 16:12 . 2007-12-23 16:13 <REP> d-------- C:\regseeker
2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 17:43 . 2007-12-18 17:43 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.57
2007-12-18 17:43 . 2005-07-11 08:28 8,802 -ra------ C:\WINDOWS\AmvTransform.ini
2007-12-18 17:43 . 2005-07-07 02:07 7,763 -ra------ C:\WINDOWS\AmvPlayer.ini
2007-12-18 17:43 . 2005-05-11 04:05 7,207 -ra------ C:\WINDOWS\Disktool.INI
2007-12-18 17:43 . 2005-06-24 04:25 6,565 -ra------ C:\WINDOWS\fwupgrade.ini
2007-12-18 17:43 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2007-12-18 17:26 . 2007-12-18 17:26 73 --a------ C:\WINDOWS\MediaManager.INI
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-06 14:06 . 2007-12-06 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2007-12-05 04:05 . 2007-12-05 04:05 368,640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:48 . 2007-12-05 03:48 9,535,488 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-05 03:48 . 2007-12-05 03:48 6,217,728 --a------ C:\WINDOWS\system32\Atioglgl.dll
2007-12-05 03:33 . 2007-12-05 03:33 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-12-05 03:33 . 2007-12-05 03:33 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-12-05 03:33 . 2007-12-05 03:33 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-12-05 03:19 . 2007-12-05 03:19 385,024 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-12-05 03:16 . 2007-12-05 03:16 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 03:14 . 2007-12-05 03:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-11-30 11:13 . 2001-08-23 17:47 46,080 --a--c--- C:\WINDOWS\system32\dllcache\esunib.dll
2007-11-30 11:13 . 2001-08-23 17:47 46,080 --a--c--- C:\WINDOWS\system32\dllcache\esuni.dll
2007-11-30 11:13 . 2001-08-23 17:47 34,816 --a--c--- C:\WINDOWS\system32\dllcache\esuimg.dll
2007-11-30 11:13 . 2001-08-17 20:12 16,998 --a--c--- C:\WINDOWS\system32\dllcache\ex10.sys
2007-11-30 11:13 . 2001-08-17 20:12 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2007-11-30 11:13 . 2001-08-17 20:11 12,362 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2007-11-30 11:13 . 2001-08-17 20:11 11,850 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2007-11-30 11:13 . 2001-08-17 21:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\exabyte2.sys
2007-11-30 11:11 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-11-30 11:10 . 2001-08-23 17:47 422,429 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2007-11-30 11:09 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-11-30 11:08 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-11-30 11:07 . 2004-08-04 00:54 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2007-11-30 11:06 . 2001-08-17 20:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-11-30 11:05 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 22:52 . 2007-11-28 22:52 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-11-28 22:52 . 2007-11-28 22:52 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-11-28 22:50 . 2007-11-28 22:50 11,717 --a------ C:\WINDOWS\atiogl.xml
2007-11-27 17:33 . 2007-11-27 17:56 2,119 --a------ C:\WINDOWS\checkip.dat
2007-11-26 16:42 . 2007-11-26 16:42 <REP> d-------- C:\Program Files\Aspecto Software
2007-11-26 15:58 . 2007-11-26 15:58 <REP> d-------- C:\WINDOWS\CatRoot
2007-11-26 15:58 . 2007-11-26 15:58 <REP> d-------- C:\Program Files\Vimicro
2007-11-26 15:58 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-11-26 15:58 . 2004-08-31 13:26 233,539 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-11-26 15:58 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-11-26 15:58 . 2004-09-07 16:11 90,568 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-11-26 15:58 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-11-26 15:58 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-11-26 15:58 . 2004-06-09 15:37 40,960 --a------ C:\WINDOWS\Vm_sti.exe
2007-11-26 15:58 . 2004-03-08 17:00 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-11-26 15:56 . 2007-11-26 15:56 <REP> d-------- C:\Program Files\eMPIA
2007-11-26 15:26 . 2007-11-26 15:26 <REP> d-------- C:\WINDOWS\system32\Epson
2007-11-26 15:21 . 2004-02-18 01:10 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2007-11-26 15:21 . 2004-05-21 05:04 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2007-11-26 15:21 . 2003-07-16 13:14 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-26 14:31 . 2007-11-26 14:34 <REP> d-------- C:\tmp
2007-11-21 19:50 . 2007-11-21 19:50 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\Leadertech
2007-11-17 16:13 . 2007-11-17 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-11-15 19:09 . 2007-11-15 19:09 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2007-11-13 09:24 . 2007-11-13 09:24 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\Windows Live Writer
2007-11-13 09:08 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-13 09:07 . 2007-11-13 09:07 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 09:01 . 2007-11-13 09:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-06 15:19 . 2007-11-06 15:19 158,080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-11-03 19:08 . 2007-11-04 09:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-11-03 19:01 . 2007-11-13 13:12 <REP> d-------- C:\Program Files\Windows Live
2007-11-03 10:08 . 2007-11-03 10:08 5,070 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-02 19:39 . 2007-11-02 19:39 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-02 10:10 . 2007-10-27 11:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-02 10:10 . 2007-10-27 11:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-02 10:10 . 2007-10-27 10:06 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 10:36 24,109,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-30 10:33 1,063,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-30 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 23:10 325,688 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 23:10 102,452 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 15:43 --------- d-----w C:\Program Files\Winamp
2007-12-29 08:00 --------- d-----w C:\Program Files\Lx_cats
2007-12-26 15:26 818,496 ----a-w C:\WINDOWS\system32\drivers\cmuda.sys
2007-12-26 15:26 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll
2007-12-26 15:26 712,704 ----a-w C:\WINDOWS\system32\a3d.dll
2007-12-26 15:26 28,672 ----a-w C:\WINDOWS\system32\cmirmdrv.dll
2007-12-26 15:26 233,472 ----a-w C:\WINDOWS\system32\cmirmdrv.exe
2007-12-26 15:26 151,552 ----a-w C:\WINDOWS\system32\cmuda.dll
2007-12-26 15:06 --------- d-----w C:\Program Files\ATI Technologies
2007-12-20 18:25 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-19 06:27 --------- d-----w C:\Program Files\Micro Application
2007-12-18 16:30 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Intervideo
2007-12-13 22:19 --------- d-----w C:\Program Files\DivX
2007-12-12 21:33 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-30 07:25 684,032 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-11-26 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-26 15:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-22 11:03 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 21:29 --------- d-----w C:\Program Files\Prassi PrimoCD Plus 2.0 (French)
2007-11-02 18:39 7,680 --sha-w C:\Program Files\Thumbs.db
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-29 21:53 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\CyberLink
2007-10-29 18:36 --------- d-----w C:\Program Files\Macrogaming
2007-10-28 14:55 --------- d-----w C:\Program Files\compodif
2007-10-28 14:51 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-28 14:51 253,952 ------w C:\WINDOWS\Setup1.exe
2007-10-28 14:11 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Winamp
2007-10-28 10:29 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\DivX
2007-10-27 16:51 977,375 ------w C:\Program Files\realplay.chm
2007-10-27 16:51 73,439 ------w C:\Program Files\howto.chm
2007-10-27 16:51 719,360 ------w C:\Program Files\dbghelp.dll
2007-10-27 16:51 667,648 ------w C:\Program Files\rjbres.dll
2007-10-27 16:51 656,503 ------w C:\Program Files\normal.vs
2007-10-27 16:51 61,495 ------w C:\Program Files\ssimages.vs
2007-10-27 16:51 61,440 ------w C:\Program Files\rjwmapln.dll
2007-10-27 16:51 61,208 ------w C:\Program Files\RealNetworks License.html
2007-10-27 16:51 61,208 ------w C:\Program Files\playrlic.html
2007-10-27 16:51 58,943 ------w C:\Program Files\RealNetworks License.txt
2007-10-27 16:51 58,943 ------w C:\Program Files\playrlic.txt
2007-10-27 16:51 57,344 ------w C:\Program Files\tpasdk.dll
2007-10-27 16:51 568 ------w C:\Program Files\fpsectbl
2007-10-27 16:51 54,600 ------w C:\Program Files\rpshellsearch.dll
2007-10-27 16:51 53,098 ------w C:\Program Files\presets.rnx
2007-10-27 16:51 49,152 ------w C:\Program Files\mmcdda32.dll
2007-10-27 16:51 49,152 ------w C:\Program Files\ierjplug.dll
2007-10-27 16:51 480 ------w C:\Program Files\keys.dat
2007-10-27 16:51 45,056 ------w C:\Program Files\rpau3260.dll
2007-10-27 16:51 339,968 ------w C:\Program Files\dtdr3260.dll
2007-10-27 16:51 335,872 ------w C:\Program Files\rjdlg.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\tnetdtct.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\rpwa3260.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\rjprog.dll
2007-10-27 16:51 28,672 ------w C:\Program Files\wmdmhelper.dll
2007-10-27 16:51 20,480 ------w C:\Program Files\fixrjb.exe
2007-10-27 16:51 2,851 ------w C:\Program Files\cdroms.cfg
2007-10-27 16:51 16,296 ------w C:\Program Files\realtfon.fon
2007-10-27 16:51 139,264 ------w C:\Program Files\DUNZIP32.dll
2007-10-27 16:51 119,808 ------w C:\Program Files\waiting.avi
2007-10-27 16:51 11,444 ------w C:\Program Files\frw.bmp
2007-10-27 16:51 102,400 ------w C:\Program Files\tsasdk.dll
2007-10-27 16:50 86,016 ------w C:\Program Files\rpplugprot.dll
2007-10-27 16:50 70 ------w C:\Program Files\strs23.dat
2007-10-27 16:50 682 ------w C:\Program Files\realplay.exe.manifest
2007-10-27 16:50 57,344 ------w C:\Program Files\rdsf3260.dll
2007-10-27 16:50 54,584 ------w C:\Program Files\rpshell.dll
2007-10-27 16:50 29,773 ------w C:\Program Files\Readme.html
2007-10-27 16:50 23,558 ------w C:\Program Files\freeoffers.ico
2007-10-27 16:50 221 ------w C:\Program Files\subscription.rnx
2007-10-27 16:50 214,608 ------w C:\Program Files\realplay.exe
2007-10-27 16:50 20,480 ------w C:\Program Files\rphelperapp.exe
2007-10-27 16:50 20,480 ------w C:\Program Files\realjbox.exe
2007-10-27 16:50 177 ------w C:\Program Files\freeoffers.rnx
2007-10-27 16:50 17,846 ------w C:\Program Files\videotest.rm
2007-10-27 16:50 15 ------w C:\Program Files\strs26.dat
2007-10-27 16:50 1,042 ------w C:\Program Files\autoplaylist.dat
2007-10-27 13:49 769,536 ----a-w C:\Documents and Settings\LOGEARD Mickael\Application Data\sfdnwin.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-29_17.06.54,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-28 07:15:34 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-30 10:13:40 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-28 07:15:34 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-30 10:13:40 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-28 07:15:34 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-30 10:13:40 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-30 10:13:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_44c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Internet Eraser"="C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2007-03-09 18:30]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-02-05 09:07]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-02-05 09:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 21:03]
"WinDVR SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-01-24 05:37]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-24 04:51]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-27 17:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 20:29]
"MagicSpeed"="C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" [2004-01-12 09:13]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 15:36]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-01-24 05:37]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-04-17 22:52]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 12:29]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 18:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2001-10-19 00:02]
"CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 20:10]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 06:38 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 22:52]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 11:40]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-30 10:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 11:34:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 11:37:20
C:\ComboFix2.txt ... 2007-12-29 17:07
.
2007-12-12 08:11:41 --- E O F ---

Et le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:57, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System\SmWizard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.marvell.com/yukon/support/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MagicSpeed] C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe /autorun
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 11231 bytes

Bonjour loge,


1/ Ouvre le Bloc-notes ( Menu Démarrer\Tous les programmes\Accessoires\Bloc-notes)

2/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

Citation :

File:: C:/Docum~1/logear~1/locals~1/temp/bjpevoyrMickael.dll

- Enregistre ce fichier dans: Bureau

- Nom du fichier : CFScript

- Type du fichier : tous les fichiers

- Clique sur Enregistrer

- Quitte le Bloc Notes

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

http://img.photobucket.com/albums/v[...]Bs/CFScript.gif

- Une fenêtre bleue va apparaître: au message suivant:

Type 1 to continue, or 2 to abort tape 1 puis valide.

- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises, c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

- Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ ComboFix.txt

J'ai fait ce que vous m'avez demandé. Pendant le scan, j'ai encore eu 3 fois la même alerte.
Voici le log combofix :

ComboFix 07-12-21.4 - LOGEARD Mickael 2007-12-30 21:56:47.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.540 [GMT 1:00]
Running from: C:\Documents and Settings\LOGEARD Mickael\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\LOGEARD Mickael\Bureau\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.

2007-12-30 11:47 . 2007-12-30 11:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 17:24 . 2007-12-28 17:24 <REP> d-------- C:\Program Files\Trend Micro
2007-12-26 16:26 . 2007-12-26 16:26 <REP> d-------- C:\Program Files\C-Media
2007-12-26 16:13 . 2007-12-26 16:13 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\ATI
2007-12-26 16:13 . 2007-12-26 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-26 16:05 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-26 15:40 . 2007-12-26 15:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-26 13:11 . 2007-12-26 13:11 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-26 13:11 . 2007-12-26 13:11 264 --a------ C:\WINDOWS\system32\LEXSUP.HTM
2007-12-23 16:12 . 2007-12-23 16:13 <REP> d-------- C:\regseeker
2007-12-23 11:39 . 2007-12-23 11:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 17:43 . 2007-12-18 17:43 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.57
2007-12-18 17:43 . 2005-07-11 08:28 8,802 -ra------ C:\WINDOWS\AmvTransform.ini
2007-12-18 17:43 . 2005-07-07 02:07 7,763 -ra------ C:\WINDOWS\AmvPlayer.ini
2007-12-18 17:43 . 2005-05-11 04:05 7,207 -ra------ C:\WINDOWS\Disktool.INI
2007-12-18 17:43 . 2005-06-24 04:25 6,565 -ra------ C:\WINDOWS\fwupgrade.ini
2007-12-18 17:43 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2007-12-18 17:26 . 2007-12-18 17:26 73 --a------ C:\WINDOWS\MediaManager.INI
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-06 14:06 . 2007-12-06 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2007-12-05 04:05 . 2007-12-05 04:05 368,640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:48 . 2007-12-05 03:48 9,535,488 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-05 03:48 . 2007-12-05 03:48 6,217,728 --a------ C:\WINDOWS\system32\Atioglgl.dll
2007-12-05 03:33 . 2007-12-05 03:33 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-12-05 03:33 . 2007-12-05 03:33 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-12-05 03:33 . 2007-12-05 03:33 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-12-05 03:19 . 2007-12-05 03:19 385,024 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-12-05 03:16 . 2007-12-05 03:16 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 03:14 . 2007-12-05 03:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-11-30 11:13 . 2001-08-23 17:47 46,080 --a--c--- C:\WINDOWS\system32\dllcache\esunib.dll
2007-11-30 11:13 . 2001-08-23 17:47 46,080 --a--c--- C:\WINDOWS\system32\dllcache\esuni.dll
2007-11-30 11:13 . 2001-08-23 17:47 34,816 --a--c--- C:\WINDOWS\system32\dllcache\esuimg.dll
2007-11-30 11:13 . 2001-08-17 20:12 16,998 --a--c--- C:\WINDOWS\system32\dllcache\ex10.sys
2007-11-30 11:13 . 2001-08-17 20:12 16,074 --a--c--- C:\WINDOWS\system32\dllcache\fa312nd5.sys
2007-11-30 11:13 . 2001-08-17 20:11 12,362 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2007-11-30 11:13 . 2001-08-17 20:11 11,850 --a--c--- C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2007-11-30 11:13 . 2001-08-17 21:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\exabyte2.sys
2007-11-30 11:11 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-11-30 11:10 . 2001-08-23 17:47 422,429 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2007-11-30 11:09 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-11-30 11:08 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-11-30 11:07 . 2004-08-04 00:54 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2007-11-30 11:06 . 2001-08-17 20:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
2007-11-30 11:05 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 22:52 . 2007-11-28 22:52 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-11-28 22:52 . 2007-11-28 22:52 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-11-28 22:50 . 2007-11-28 22:50 11,717 --a------ C:\WINDOWS\atiogl.xml
2007-11-27 17:33 . 2007-12-30 17:26 2,771 --a------ C:\WINDOWS\checkip.dat
2007-11-26 16:42 . 2007-11-26 16:42 <REP> d-------- C:\Program Files\Aspecto Software
2007-11-26 15:58 . 2007-11-26 15:58 <REP> d-------- C:\WINDOWS\CatRoot
2007-11-26 15:58 . 2007-11-26 15:58 <REP> d-------- C:\Program Files\Vimicro
2007-11-26 15:58 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-11-26 15:58 . 2004-08-31 13:26 233,539 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-11-26 15:58 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-11-26 15:58 . 2004-09-07 16:11 90,568 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-11-26 15:58 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-11-26 15:58 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-11-26 15:58 . 2004-06-09 15:37 40,960 --a------ C:\WINDOWS\Vm_sti.exe
2007-11-26 15:58 . 2004-03-08 17:00 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-11-26 15:56 . 2007-11-26 15:56 <REP> d-------- C:\Program Files\eMPIA
2007-11-26 15:26 . 2007-11-26 15:26 <REP> d-------- C:\WINDOWS\system32\Epson
2007-11-26 15:21 . 2004-02-18 01:10 98,304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2007-11-26 15:21 . 2004-05-21 05:04 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2007-11-26 15:21 . 2003-07-16 13:14 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-26 14:31 . 2007-11-26 14:34 <REP> d-------- C:\tmp
2007-11-21 19:50 . 2007-11-21 19:50 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\Leadertech
2007-11-17 16:13 . 2007-11-17 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-11-15 19:09 . 2007-11-15 19:09 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2007-11-13 09:24 . 2007-11-13 09:24 <REP> d-------- C:\Documents and Settings\LOGEARD Mickael\Application Data\Windows Live Writer
2007-11-13 09:08 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-13 09:07 . 2007-11-13 09:07 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 09:01 . 2007-11-13 09:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-06 15:19 . 2007-11-06 15:19 158,080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-11-03 19:08 . 2007-11-04 09:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-11-03 19:01 . 2007-11-13 13:12 <REP> d-------- C:\Program Files\Windows Live
2007-11-03 10:08 . 2007-11-03 10:08 5,070 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-02 19:39 . 2007-11-02 19:39 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-02 10:10 . 2007-10-27 11:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-02 10:10 . 2007-10-27 11:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 21:01 24,491,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-30 21:01 1,076,512 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-30 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-30 15:38 331,040 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-30 15:38 103,820 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 15:43 --------- d-----w C:\Program Files\Winamp
2007-12-29 08:00 --------- d-----w C:\Program Files\Lx_cats
2007-12-26 15:26 818,496 ----a-w C:\WINDOWS\system32\drivers\cmuda.sys
2007-12-26 15:26 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll
2007-12-26 15:26 712,704 ----a-w C:\WINDOWS\system32\a3d.dll
2007-12-26 15:26 28,672 ----a-w C:\WINDOWS\system32\cmirmdrv.dll
2007-12-26 15:26 233,472 ----a-w C:\WINDOWS\system32\cmirmdrv.exe
2007-12-26 15:26 151,552 ----a-w C:\WINDOWS\system32\cmuda.dll
2007-12-26 15:06 --------- d-----w C:\Program Files\ATI Technologies
2007-12-20 18:25 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-19 06:27 --------- d-----w C:\Program Files\Micro Application
2007-12-18 16:30 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Intervideo
2007-12-13 22:19 --------- d-----w C:\Program Files\DivX
2007-12-12 21:33 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-30 07:25 684,032 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-11-26 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-26 15:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-22 11:03 --------- d-----w C:\Program Files\WinAVI Video Converter
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 21:29 --------- d-----w C:\Program Files\Prassi PrimoCD Plus 2.0 (French)
2007-11-02 18:39 7,680 --sha-w C:\Program Files\Thumbs.db
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-29 21:53 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\CyberLink
2007-10-29 18:36 --------- d-----w C:\Program Files\Macrogaming
2007-10-28 14:55 --------- d-----w C:\Program Files\compodif
2007-10-28 14:51 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-28 14:51 253,952 ------w C:\WINDOWS\Setup1.exe
2007-10-28 14:11 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\Winamp
2007-10-28 10:29 --------- d-----w C:\Documents and Settings\LOGEARD Mickael\Application Data\DivX
2007-10-27 16:51 977,375 ------w C:\Program Files\realplay.chm
2007-10-27 16:51 73,439 ------w C:\Program Files\howto.chm
2007-10-27 16:51 719,360 ------w C:\Program Files\dbghelp.dll
2007-10-27 16:51 667,648 ------w C:\Program Files\rjbres.dll
2007-10-27 16:51 656,503 ------w C:\Program Files\normal.vs
2007-10-27 16:51 61,495 ------w C:\Program Files\ssimages.vs
2007-10-27 16:51 61,440 ------w C:\Program Files\rjwmapln.dll
2007-10-27 16:51 61,208 ------w C:\Program Files\RealNetworks License.html
2007-10-27 16:51 61,208 ------w C:\Program Files\playrlic.html
2007-10-27 16:51 58,943 ------w C:\Program Files\RealNetworks License.txt
2007-10-27 16:51 58,943 ------w C:\Program Files\playrlic.txt
2007-10-27 16:51 57,344 ------w C:\Program Files\tpasdk.dll
2007-10-27 16:51 568 ------w C:\Program Files\fpsectbl
2007-10-27 16:51 54,600 ------w C:\Program Files\rpshellsearch.dll
2007-10-27 16:51 53,098 ------w C:\Program Files\presets.rnx
2007-10-27 16:51 49,152 ------w C:\Program Files\mmcdda32.dll
2007-10-27 16:51 49,152 ------w C:\Program Files\ierjplug.dll
2007-10-27 16:51 480 ------w C:\Program Files\keys.dat
2007-10-27 16:51 45,056 ------w C:\Program Files\rpau3260.dll
2007-10-27 16:51 339,968 ------w C:\Program Files\dtdr3260.dll
2007-10-27 16:51 335,872 ------w C:\Program Files\rjdlg.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\tnetdtct.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\rpwa3260.dll
2007-10-27 16:51 32,768 ------w C:\Program Files\rjprog.dll
2007-10-27 16:51 28,672 ------w C:\Program Files\wmdmhelper.dll
2007-10-27 16:51 20,480 ------w C:\Program Files\fixrjb.exe
2007-10-27 16:51 2,851 ------w C:\Program Files\cdroms.cfg
2007-10-27 16:51 16,296 ------w C:\Program Files\realtfon.fon
2007-10-27 16:51 139,264 ------w C:\Program Files\DUNZIP32.dll
2007-10-27 16:51 119,808 ------w C:\Program Files\waiting.avi
2007-10-27 16:51 11,444 ------w C:\Program Files\frw.bmp
2007-10-27 16:51 102,400 ------w C:\Program Files\tsasdk.dll
2007-10-27 16:50 86,016 ------w C:\Program Files\rpplugprot.dll
2007-10-27 16:50 70 ------w C:\Program Files\strs23.dat
2007-10-27 16:50 682 ------w C:\Program Files\realplay.exe.manifest
2007-10-27 16:50 57,344 ------w C:\Program Files\rdsf3260.dll
2007-10-27 16:50 54,584 ------w C:\Program Files\rpshell.dll
2007-10-27 16:50 29,773 ------w C:\Program Files\Readme.html
2007-10-27 16:50 23,558 ------w C:\Program Files\freeoffers.ico
2007-10-27 16:50 221 ------w C:\Program Files\subscription.rnx
2007-10-27 16:50 214,608 ------w C:\Program Files\realplay.exe
2007-10-27 16:50 20,480 ------w C:\Program Files\rphelperapp.exe
2007-10-27 16:50 20,480 ------w C:\Program Files\realjbox.exe
2007-10-27 16:50 177 ------w C:\Program Files\freeoffers.rnx
2007-10-27 16:50 17,846 ------w C:\Program Files\videotest.rm
2007-10-27 16:50 15 ------w C:\Program Files\strs26.dat
2007-10-27 16:50 1,042 ------w C:\Program Files\autoplaylist.dat
2007-10-27 13:49 769,536 ----a-w C:\Documents and Settings\LOGEARD Mickael\Application Data\sfdnwin.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-29_17.06.54,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-28 07:15:34 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-30 10:13:40 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-28 07:15:34 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-30 10:13:40 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-28 07:15:34 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-30 10:13:40 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-16 18:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-12-30 15:40:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_27c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"Free Internet Eraser"="C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2007-03-09 18:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-02-05 09:07]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-02-05 09:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 21:03]
"WinDVR SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-01-24 05:37]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-01-24 05:37]
"CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 10:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 20:10]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 16:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 10:45 63712 --------- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --------- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-05 13:00 15360 --------- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2001-10-19 00:02 98357 --------- C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2004-09-17 18:24 61440 --------- C:\Program Files\Lexmark 6200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
C:\Program Files\My Lockbox\flockbox.exe /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:07 1289000 --------- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
2005-01-18 15:36 196608 --------- C:\Program Files\Lexmark 6200 Series\lxbumon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicSpeed]
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-28 20:29 32768 --------- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --------- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28 36352 --------- C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
2005-01-24 04:51 233472 --------- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 22:52]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 11:40]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc []
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-30 20:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 22:01:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 22:03:16
C:\ComboFix2.txt ... 2007-12-30 11:37
C:\ComboFix3.txt ... 2007-12-29 17:07
.
2007-12-12 08:11:41 --- E O F ---

bonjour loge, j'aimerais vérifier un autre point :

==> Imprime cette réponse le nettoyage va se dérouler en mode sans échec et sans prise en charge du réseau.

==> Télécharge SDFix http://downloads.andymanchesta.com/[...]Tools/SDFix.exe (de AndyManchesta) et enregistre le sur ton Bureau.
- Double clic sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

==> Redémarre en mode sans échec

Citation :

Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les les fléches de direction et choisis Mode sans échec. Choisis ta session et non la session Administrateur

==> Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur ( C:\ ) et double clique sur RunThis.bat pour lancer le script.


* Appuie sur Y pour commencer le processus de nettoyage.

* Sdfix va supprimer les services et les entrées du Registre des trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.

* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
* Les icônes du Bureau affichées, le rapport de SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.


==> Copie/Colle le contenu du fichier Report.txt dans ta prochaine réponse, avec un nouveau rapport Hijack

Bonjour, SDfix fait voici le rapport :


SDFix: Version 1.120

Run by LOGEARD Mickael on 31/12/2007 at 09:44

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 09:50:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000b0d64bdf9]
"0012373e5656"=hex:ce,67,01,11,8e,34,b6,b5,aa,11,6b,88,e8,33,f6,14
"001700f03460"=hex:ea,5d,60,50,d6,2d,0c,c5,ad,aa,c1,2d,97,4c,34,02
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d64bdf9]
"0012373e5656"=hex:ce,67,01,11,8e,34,b6,b5,aa,11,6b,88,e8,33,f6,14
"001700f03460"=hex:ea,5d,60,50,d6,2d,0c,c5,ad,aa,c1,2d,97,4c,34,02
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{eccb22d2-5e8b-4d79-9f62-974d21d134ed}]
"Current State"=dword:00000000
"Log Type"=dword:00000000
"Collection Name"="Vue g\xe9n\xe9rale du syst\xe8me"
"Collection Name Indirect"="@C:\WINDOWS\system32\smlogcfg.dll,-731"
"Counter List"=str(7):"\Processor(_Total)\% Processor Time\0\Memory\Pages/sec\0\PhysicalDisk(_Total)\Avg. Disk Queue Length\0"
"Comment"="Cet exemple de journal fournit une vue d'ensemble des performances du syst\xe8me."
"Commentaire indirect"="@C:\WINDOWS\system32\smlogcfg.dll,-735"
"RealTime DataSource"=dword:00000001
"Log File Max Size"=dword:ffffffff
"Attributs du magasin de donn\x00e9es"=dword:00000021
"Log File Base Name"="System_Overview"
"Nom de la base du fichier journal indirect"="@C:\WINDOWS\system32\smlogcfg.dll,-744"
"Sql Log Base Name"="SQL:!Vue g\xe9n\xe9rale du syst\xe8me"
"Log File Serial Number"=dword:00000001
"Log File Folder"="C:\PerfLogs"
"Log File Auto Format"=dword:ffffffff
"Log File Type"=dword:00000002
"ExecuteOnly"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d64bdf9]
"0012373e5656"=hex:ce,67,01,11,8e,34,b6,b5,aa,11,6b,88,e8,33,f6,14
"001700f03460"=hex:ea,5d,60,50,d6,2d,0c,c5,ad,aa,c1,2d,97,4c,34,02
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SysmonLog\Log Queries\{eccb22d2-5e8b-4d79-9f62-974d21d134ed}]
"Current State"=dword:00000000
"Log Type"=dword:00000000
"Collection Name"="Vue g\xe9n\xe9rale du syst\xe8me"
"Collection Name Indirect"="@C:\WINDOWS\system32\smlogcfg.dll,-731"
"Counter List"=str(7):"\Processor(_Total)\% Processor Time\0\Memory\Pages/sec\0\PhysicalDisk(_Total)\Avg. Disk Queue Length\0"
"Comment"="Cet exemple de journal fournit une vue d'ensemble des performances du syst\xe8me."
"Commentaire indirect"="@C:\WINDOWS\system32\smlogcfg.dll,-735"
"RealTime DataSource"=dword:00000001
"Log File Max Size"=dword:ffffffff
"Attributs du magasin de donn\x00e9es"=dword:00000021
"Log File Base Name"="System_Overview"
"Nom de la base du fichier journal indirect"="@C:\WINDOWS\system32\smlogcfg.dll,-744"
"Sql Log Base Name"="SQL:!Vue g\xe9n\xe9rale du syst\xe8me"
"Log File Serial Number"=dword:00000001
"Log File Folder"="C:\PerfLogs"
"Log File Auto Format"=dword:ffffffff
"Log File Type"=dword:00000002
"ExecuteOnly"=dword:00000001

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A6BB6AA-B1C8-4C65-C91A-E29692400295}]
"oalijoiegkikjcohkbchjkodfoancg"=hex:64,61,6b,67,6e,61,65,6d,00,70
"oapojcabipmdblmcmplodjmhfndpmb"=hex:6b,61,6c,67,6a,61,6a,63,67,69,64,63,61,63,6b,66,68,6b,68,6c,62,..
"nafopbkkkbbjdnneapaljpciifik"=hex:6b,61,6c,67,6a,61,6a,63,67,69,64,63,61,63,6b,66,68,6b,68,6c,62,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sat 27 Oct 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Sat 27 Oct 2007 1,024 ...HR --- "C:\WINDOWS\system32\ntiembed.dll"
Sat 27 Oct 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 8 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Et le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:57:45, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System\SmWizard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.marvell.com/yukon/support/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9411 bytes

Bonjour loge, on va continuer la traque:

- Télécharge Silentrunners http://www.silentrunners.org/Silent%20Runners.vbs Clic droit sur le lien et choisis Enregistrer la cible sous et enregistre ce fichier sur le bureau
Double clic sur Silentrunners, patiente un peu un rapport sera généré, quand ce sera terminé tu en sera averti, poste ce rapport

Bonjour zaede voici le rapport silentrunner :

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
"Free Internet Eraser" = "C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"LXBUCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16" [MS]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data]
"Home Theater SchSvr" = ""C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"" ["InterVideo Inc."]
"CmCardRun" = "C:\WINDOWS\system32\CmWatch.exe" [empty string]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels"
-> {HKLM...CLSID} = "Périphériques Plug and Play universels"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistiques d’Anti-Virus Internet"
-> {HKLM...CLSID} = "Statistiques d’Anti-Virus Internet"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "Favoris Bluetooth"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation"]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["VERITAS Software, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Appareil mobile"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{Prevent access to registry editing tools}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\LOGEARD Mickael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"Vérifier les mises à jour de Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 32
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"
-> {HKLM...CLSID} = "SweetIM For Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" ["Macrogaming"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistiques d’Anti-Virus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistiques d’Anti-Virus Internet"

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Créer un Favori de l'appareil mobile..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe" ["Broadcom Corporation"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
MD Simple Burner Service, NetMDSB, "C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe" ["Sony Corporation"]
Service d'application d'assistance IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Services TCP/IP simplifiés, SimpTcp, "C:\WINDOWS\system32\tcpsvcs.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
6200 Series Port\Driver = "lxbulmpm.DLL" ["Lexmark International, Inc."]
EPSON V6 Monitor4SA\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
LPR Port\Driver = "lprmon.dll" [MS]


---------- (launch time: 2008-01-02 20:29:37)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 60 seconds, including 11 seconds for message boxes)

RE, on continu les recherches:



Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- Nom de fichier à rechercher tape ou fais un copier coller de : oalijoiegkikjcohkbchjkodfoancg
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques dur cette recherche peut prendre plusieurs minutes. Sois patient(e)

C'est fait voivi le rapport :

02/01/2008 ---- 23:26:48,17

----------------------------------
§§§§§§ [oalijoiegkikjcohkbchjkodfoancg] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

Bonjour loge, on va vérifier avec kaspersky en ligne:



- Fais un scan en ligne ici http://webscanner.kaspersky.fr/ (Avec Internet Explorer)

- En bas à droite clique sur Démarrer Online-scanner

- Dans la nouvelle fenêtre qui s'affiche clique sur J'accepte

- Accepte les Contrôle ActiveX

- Choisis Poste de travail pour le scan.

- Celui-ci terminé sauve (Choisis fichier texte) et poste le rapport

- Pour t'aider à utiliser le scan en ligne
http://www.malekal.com/scan_Av_en_l[...]#mozTocId291566

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

- Lis ceci en cas de problème d'installation du Contrôle ActivX:

http://cybersecurite.xooit.com/t123[...]les-ActiveX.htm

Voici le rapport kaspersky :

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 03, 2008 6:57:36 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 3/01/2008
Enregistrements dans la base antivirus Kaspersky : 469052
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Statistiques de l'analyse:
Total d'objets analysés: 61809
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:50:27

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1808_File_Monitoring_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1810_popupchk_eventcritlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1810_popupchk_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1811_pdm_eventcritlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1811_pdm_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1815_Web_Monitoring_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1824_AdBlocker_eventcritlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\1824_AdBlocker_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Application Data\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Application Data\Microsoft\Windows Live Contacts\loge_55@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Application Data\Microsoft\Windows Live Contacts\loge_55@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Historique\History.IE5\MSHist012008010320080104\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temp\Perflib_Perfdata_138.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temp\WCESLog.log L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temp\~DF46B9.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temp\~DF46CE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temp\~DFD31F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temp\~DFD39E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LOGEARD Mickael\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Yahoo!\Messenger\logs\billing_LOGEARD Mickael.log L'objet est verrouillé ignoré
C:\Program Files\Yahoo!\Messenger\logs\client_LOGEARD Mickael.log L'objet est verrouillé ignoré
C:\Program Files\Yahoo!\Messenger\logs\network_LOGEARD Mickael.log L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{AA371165-4509-48D8-914B-DB80A130FAED}\RP95\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{48857761-7E58-44BF-AAA0-88DE0F55D819}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\cch~75bef04fe8.htp L'objet est verrouillé ignoré
C:\WINDOWS\Temp\cch~75bf0f2ee8.htp L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_7d4.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
F:\System Volume Information\_restore{AA371165-4509-48D8-914B-DB80A130FAED}\RP95\change.log L'objet est verrouillé ignoré
G:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
G:\System Volume Information\_restore{AA371165-4509-48D8-914B-DB80A130FAED}\RP95\change.log L'objet est verrouillé ignoré
H:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
H:\System Volume Information\_restore{AA371165-4509-48D8-914B-DB80A130FAED}\RP95\change.log L'objet est verrouillé ignoré

Analyse terminée.