Ralentissement PC

Bonjour, voilà depuis quelque temps mon pc est sujet à de sérieux ralentissement:
-Lors du lancement du pc : l'ordinateur reste 1 à 3 minutes bloqué sur le logo XP
-Lors du visionnement de certaines vidéo peu importe le lecteur
-Lors de la navigation sur internet
-Lors de session dans certain jeu vidéo: mon IPS est vraiment très bas: 25 IPs alors que dans le passé je tournais à 60-75 suivant les textures.

De plus certaines fois une application ouverte se ferme toute seule souvent msn ou mozilla. A l'époque j'utilisais Avast Familial

Je pense que cela est du à une infection, étant donné que ça c'est manifesté après une conversation sur msn de ma sœur au cours de laquelle elle a échanger des fichiers dont elle ne connaissait pas la nature.

Je tiens aussi à préciser que j'ai fait divers nettoyages de mon ordinateur : easy cleaner, ccleaner,spywaredoctor et des scans antivir et avast.

Merci d'avance pour l'aide que vous êtes susceptible de me fournir =D

Msn Fix:
MSNFix 1.726

C:\Documents and Settings\Syn@ps9\Bureau\MSNFix\MSNFix
Fix exécuté le 26/05/2008 - 11:13:07,81 By Syn@ps9
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\mcrh.tmp
... C:\WINDOWS\system32\mcrh.tmp

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\mcrh.tmp
.. OK ... C:\WINDOWS\system32\mcrh.tmp



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\temp0082.zip] F9474C4B5C75F1F64D52AA5BADA5BD23
[C:\WINDOWS\system32\temp2ae6.zip] 572C93CA659104ADDDEBA8CF6632795E

[color=#FF0000]==>[/color] SVP merci d'envoyer le fichier C:\DOCUME~1\Syn@ps9\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26052008_11164418.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.p [...] /32-alerte




HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:52, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nosign.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 213.186.39.157 l2testauthd.lineage2.com
O1 - Hosts: 213.186.39.157 l2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3D6E1A87-D539-AAB8-4B1A-828DBC5586EF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nosign_JL2005] nosign TRUST
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CyberStarter.lnk = C:\Program Files\vtech\CyberStarter\CyberStarter.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O20 - Winlogon Notify: urqqnnl - urqqnnl.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kwari.xLoader - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6087 bytes





Voilà les 2 rapports, et merci pour ton aide.

Salut,
oui j'ai bien uploadé le zip sur mon bureau

Pour le fichier Hosts c'est possible que ce soit moi qu'il l'ai modifié je me souviens d'avoir dû le modifier pour faire marcher une application ludique si je me souviens bien.

J'ai bien envoyé le zip du wupdmgr98.exe

Voici le rapport de combofix

ComboFix 08-06-20.4 - Syn@ps9 2008-06-26 11:55:06.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.712 [GMT 2:00]
Endroit: C:\Documents and Settings\Syn@ps9\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))
.

2008-05-26 11:20 . 2008-05-26 11:20 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 17:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 22:17 462,039 ----atw C:\WINDOWS\system32\temp2ae6.zip
2008-05-17 08:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-05-08 08:33 --------- d-----w C:\Program Files\Google
2008-05-07 19:28 --------- d-----w C:\Program Files\Avira
2008-05-07 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-07 08:44 --------- d-----w C:\Program Files\Dofus
2008-05-04 08:18 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-30 11:03 --------- d-----w C:\Program Files\Java
2008-03-30 10:02 776,184 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D6E1A87-D539-AAB8-4B1A-828DBC5586EF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2005-08-15 15:12 2822144]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34 598920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"Nosign_JL2005"="nosign TRUST" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBlock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqnnl]
urqqnnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Jeux Video\\Warcraft III\\Warcraft III.exe"=
"C:\\Jeux Video\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Jeux Video\\Valve\\Steam\\Steam.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\WUpdMgr98.exe"=
"C:\\Program Files\\Client Shiva\\ShivaDsk.exe"=
"C:\\Program Files\\Client Shiva\\SHInfos.exe"=
"C:\\Jeux Video\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Jeux Video\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.2.4-to-1.3.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\team fortress classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\ricochet\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\deathmatch classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero deleted scenes\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Bureau\\Dossier Client\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Local Settings\\Temporary Internet Files\\Content.IE5\\OB1N22V5\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat source\\hl2.exe"=
"C:\\Jeux Video\\Wow\\WoW-1.12.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike source\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmgr.exe"=
"C:\WINDOWS\system32\cuyhioxp.exe"= C:\WINDOWS\system32\cuy
"C:\WINDOWS\system32\kdntgtmy.exe"= C:\WINDOWS\system32\kdn
"C:\\Jeux Video\\World of Warcraft\\WoWTest\\WoW-0.2.0.7153-to-0.2.0.7175-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 adxapie;adxapie;C:\DOCUME~1\Syn@ps9\LOCALS~1\Temp\adxapie.sys []
S3 JL2005;TRUST SPYC@M 100;C:\WINDOWS\system32\Drivers\toywdm.sys [2003-11-28 11:46]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Syn@ps9\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495644e1-b206-11db-ac0f-00112f884bd7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa82123e-6c2e-11dc-ad3f-00112f884bd7}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 12:54:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 11:56:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Kwari.xLoader]
"ImagePath"="C:\Documents and Settings\Syn@ps9\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32"
.
Temps d'accomplissement: 2008-06-26 11:58:28
ComboFix-quarantined-files.txt 2008-06-26 09:57:26
ComboFix2.txt 2008-06-26 09:06:12

Pre-Run: 14,771,752,960 octets libres
Post-Run: 14,765,600,768 octets libres

142

Merci.

Ah d'accord désolé

le voici :
ComboFix 08-06-20.4 - Syn@ps9 2008-06-26 10:58:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.676 [GMT 2:00]
Endroit: C:\Documents and Settings\Syn@ps9\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Syn@ps9\Mes documents\CURITY~1
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\system32\aaraqbmq.ini
C:\WINDOWS\system32\afldkccj.ini
C:\WINDOWS\system32\bakhkwyc.ini
C:\WINDOWS\system32\bqmoocwn.ini
C:\WINDOWS\system32\btmmpomq.ini
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\cropwhud.ini
C:\WINDOWS\system32\dhydkeym.ini
C:\WINDOWS\system32\epaamsnx.ini
C:\WINDOWS\system32\eryliyjl.ini
C:\WINDOWS\system32\eyommhla.ini
C:\WINDOWS\system32\grphvrxt.ini
C:\WINDOWS\system32\gxyowifd.ini
C:\WINDOWS\system32\hekglgyi.ini
C:\WINDOWS\system32\homvrrbd.ini
C:\WINDOWS\system32\hppxvgfj.ini
C:\WINDOWS\system32\hqaeqidg.ini
C:\WINDOWS\system32\iavxuewj.ini
C:\WINDOWS\system32\ioxascnm.ini
C:\WINDOWS\system32\kdakvyrv.ini
C:\WINDOWS\system32\llxkcqmf.ini
C:\WINDOWS\system32\mgdfsjyn.ini
C:\WINDOWS\system32\mxlqtvjv.ini
C:\WINDOWS\system32\nfwdujec.ini
C:\WINDOWS\system32\noishpux.ini
C:\WINDOWS\system32\oafwnmmv.ini
C:\WINDOWS\system32\oktiunvw.ini
C:\WINDOWS\system32\papnbgpy.ini
C:\WINDOWS\system32\pbyetojs.ini
C:\WINDOWS\system32\pvitebhj.ini
C:\WINDOWS\system32\qgkmfayd.ini
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.bak2
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\qtutv.tmp
C:\WINDOWS\system32\rokitucy.ini
C:\WINDOWS\system32\roqxtfmy.ini
C:\WINDOWS\system32\rsujmwlf.ini
C:\WINDOWS\system32\sadxatij.ini
C:\WINDOWS\system32\slpcolhx.ini
C:\WINDOWS\system32\tfdijyee.ini
C:\WINDOWS\system32\uiqmnyjd.ini
C:\WINDOWS\system32\vhdmryhb.ini
C:\WINDOWS\system32\vlrjsirs.ini
C:\WINDOWS\system32\vnuyddeh.ini
C:\WINDOWS\system32\wwchjxgb.ini
C:\WINDOWS\system32\ynqmvbox.ini
C:\WINDOWS\system32\yvjgiouv.ini
C:\WINDOWS\system32\ywusspst.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))
.

2008-05-26 11:20 . 2008-05-26 11:20 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 17:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 22:17 462,039 ----atw C:\WINDOWS\system32\temp2ae6.zip
2008-05-17 08:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-05-08 08:33 --------- d-----w C:\Program Files\Google
2008-05-07 19:28 --------- d-----w C:\Program Files\Avira
2008-05-07 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-07 08:44 --------- d-----w C:\Program Files\Dofus
2008-05-04 08:18 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-30 11:03 --------- d-----w C:\Program Files\Java
2008-03-30 10:02 776,184 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D6E1A87-D539-AAB8-4B1A-828DBC5586EF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2005-08-15 15:12 2822144]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34 598920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [2006-12-26 22:32 605696]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [2006-12-26 22:32 605696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"Nosign_JL2005"="nosign TRUST" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [2006-12-26 22:32 605696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [2006-12-26 22:32 605696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBlock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqnnl]
urqqnnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Jeux Video\\Warcraft III\\Warcraft III.exe"=
"C:\\Jeux Video\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Jeux Video\\Valve\\Steam\\Steam.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\WUpdMgr98.exe"=
"C:\\Program Files\\Client Shiva\\ShivaDsk.exe"=
"C:\\Program Files\\Client Shiva\\SHInfos.exe"=
"C:\\Jeux Video\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Jeux Video\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.2.4-to-1.3.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\team fortress classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\ricochet\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\deathmatch classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero deleted scenes\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Bureau\\Dossier Client\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Local Settings\\Temporary Internet Files\\Content.IE5\\OB1N22V5\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat source\\hl2.exe"=
"C:\\Jeux Video\\Wow\\WoW-1.12.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike source\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmgr.exe"=
"C:\WINDOWS\system32\cuyhioxp.exe"= C:\WINDOWS\system32\cuy
"C:\WINDOWS\system32\kdntgtmy.exe"= C:\WINDOWS\system32\kdn
"C:\\Jeux Video\\World of Warcraft\\WoWTest\\WoW-0.2.0.7153-to-0.2.0.7175-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 adxapie;adxapie;C:\DOCUME~1\Syn@ps9\LOCALS~1\Temp\adxapie.sys []
S3 JL2005;TRUST SPYC@M 100;C:\WINDOWS\system32\Drivers\toywdm.sys [2003-11-28 11:46]
S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\Syn@ps9\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495644e1-b206-11db-ac0f-00112f884bd7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7673a636-e792-11db-ac62-00112f884bd7}]
\Shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa82123e-6c2e-11dc-ad3f-00112f884bd7}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 12:54:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 11:01:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Kwari.xLoader]
"ImagePath"="C:\Documents and Settings\Syn@ps9\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32"
.
Temps d'accomplissement: 2008-06-26 11:06:11
ComboFix-quarantined-files.txt 2008-06-26 09:05:09

Pre-Run: 14,849,478,656 octets libres
Post-Run: 14,777,991,168 octets libres

206

Bonjour, voici les 2 rapports:


ComboFix 08-06-20.4 - Syn@ps9 2008-06-28 10:18:26.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.736 [GMT 2:00]
Endroit: C:\Documents and Settings\Syn@ps9\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Syn@ps9\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE ::
C:\WINDOWS\system32\temp2ae6.zip
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\temp2ae6.zip
c:\windows\system32\wupdmgr98.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADXAPIE
-------\Legacy_KWARI.XLOADER
-------\Service_adxapie
-------\Service_Kwari.xLoader


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 17:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 09:20 --------- d-----w C:\Program Files\Trend Micro
2008-05-17 08:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-05-08 08:33 --------- d-----w C:\Program Files\Google
2008-05-07 19:28 --------- d-----w C:\Program Files\Avira
2008-05-07 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-07 08:44 --------- d-----w C:\Program Files\Dofus
2008-05-04 08:18 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-30 11:03 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((( snapshot@2008-06-26_11.04.43,25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 08:01:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 08:22:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-28 01:57:44 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{12C2EA2A-AC74-47C8-BF0E-D7771CD95136}.bin
+ 2008-06-27 13:28:51 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{809414D8-AF38-4349-BEF8-A09FCB3A1BAA}.bin
- 2008-05-27 07:51:29 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{E3CF2B9F-AFE0-4398-A78F-A4FB0DEF97B7}.bin
+ 2008-06-26 17:54:46 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{E3CF2B9F-AFE0-4398-A78F-A4FB0DEF97B7}.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D6E1A87-D539-AAB8-4B1A-828DBC5586EF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2005-08-15 15:12 2822144]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 18:34 598920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"Nosign_JL2005"="nosign TRUST" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]
"combofix"="C:\WINDOWS\system32\CF5771.exe" [2008-06-28 10:17 400896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdate"="c:\windows\system32\wupdmgr98.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBlock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqnnl]
urqqnnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Jeux Video\\Warcraft III\\Warcraft III.exe"=
"C:\\Jeux Video\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Jeux Video\\Valve\\Steam\\Steam.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\WUpdMgr98.exe"=
"C:\\Program Files\\Client Shiva\\ShivaDsk.exe"=
"C:\\Program Files\\Client Shiva\\SHInfos.exe"=
"C:\\Jeux Video\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Jeux Video\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.2.4-to-1.3.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\team fortress classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\ricochet\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\deathmatch classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero deleted scenes\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Bureau\\Dossier Client\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Local Settings\\Temporary Internet Files\\Content.IE5\\OB1N22V5\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat source\\hl2.exe"=
"C:\\Jeux Video\\Wow\\WoW-1.12.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike source\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmgr.exe"=
"C:\WINDOWS\system32\cuyhioxp.exe"= C:\WINDOWS\system32\cuy
"C:\WINDOWS\system32\kdntgtmy.exe"= C:\WINDOWS\system32\kdn
"C:\\Jeux Video\\World of Warcraft\\WoWTest\\WoW-0.2.0.7153-to-0.2.0.7175-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 JL2005;TRUST SPYC@M 100;C:\WINDOWS\system32\Drivers\toywdm.sys [2003-11-28 11:46]
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495644e1-b206-11db-ac0f-00112f884bd7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa82123e-6c2e-11dc-ad3f-00112f884bd7}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-26 12:54:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 10:23:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nosign.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-28 10:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 08:32:31
ComboFix2.txt 2008-06-26 09:58:29
ComboFix3.txt 2008-06-26 09:06:12

Pre-Run: 18,695,114,752 octets libres
Post-Run: 18,640,515,072 octets libres

178


Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:17, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CyberStarter.lnk = C:\Program Files\vtech\CyberStarter\CyberStarter.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5256 bytes

Bonjour, excuse moi avec les exams j'ai eu du mal à faire tout cela plus tôt donc voici le résultat, merci pour le temps que tu me consacre.

Résultat : 0/33 (0%)

Fichier toywdm.sys reçu le 2008.07.01 11:23:35 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.1.0 2008.07.01 -
AntiVir 7.8.0.59 2008.07.01 -
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.07.01 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.01 -
DrWeb 4.44.0.09170 2008.07.01 -
eSafe 7.0.17.0 2008.06.30 -
eTrust-Vet 31.6.5916 2008.07.01 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.07.01 -
GData 2.0.7306.1023 2008.07.01 -
Ikarus T3.1.1.26.0 2008.07.01 -
Kaspersky 7.0.0.125 2008.07.01 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.07.01 -
NOD32v2 3230 2008.07.01 -
Norman 5.80.02 2008.06.30 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.01 -
Rising 20.51.11.00 2008.07.01 -
Sophos 4.30.0 2008.07.01 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.01 -
TheHacker 6.2.96.365 2008.07.01 -
TrendMicro 8.700.0.1004 2008.07.01 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.07.01 -
Information additionnelle
File size: 70632 bytes
MD5...: e120182410e64825ddaaa102a019edb1
SHA1..: 44c418ecbe5eabbfa0c3f178695915afe5806007
SHA256: 0187bf6c8f1479084f01ab2169163d79546e7576d96de49baa33fa13511cdcfc
SHA512: e9def7b6bc469518a9b3f6bb97907c316674cf1450e637da8b66ab8041812a80<br>956823ce37afb32cf56211ce1ee1a054b9b0663b61c2df8510fe5ab51d398ddb
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10718<br>timedatestamp.....: 0x3fc6b712 (Fri Nov 28 02:46:42 2003)<br>machinetype.......: 0x14c (I386)<br><br>( 9 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x340 0x50d0 0x50e0 6.24 38bd96e96c2678f9cf87306ae65a7b00<br>.rdata 0x5420 0x884 0x8a0 3.61 f6d8835e825fc70d143c5c984b4d163e<br>.data 0x5cc0 0x41c0 0x41c0 6.12 f3f89013126d2f559d3659c992bb1f9c<br>PAGE 0x9e80 0x58a9 0x58c0 6.51 327d870d7e72b1fad00a4b9fde94b25a<br>.edata 0xf740 0x33 0x40 2.26 d9e4db480bf72e7d35971574f8186bc0<br>PAGECONS 0xf780 0x80 0x80 5.24 de4af32b141e09bdd09cf567a093373a<br>INIT 0xf800 0x4ea 0x500 5.04 32ea533a4adc147d8e7c8034a3eead05<br>.rsrc 0xfd00 0x3c8 0x3e0 3.34 cdfea7340352362729a1e10f718b28d2<br>.reloc 0x100e0 0x6c2 0x6e0 6.21 1f0baf07f8ab7f6f52644387214f6abc<br><br>( 4 imports ) <br>&gt; NTOSKRNL.EXE: MmMapLockedPages, IoFreeMdl, DbgPrint, IoAllocateMdl, MmUnmapLockedPages, RtlWriteRegistryValue, MmBuildMdlForNonPagedPool, KeWaitForSingleObject, IofCallDriver, KeInitializeSemaphore, KeInitializeEvent, KeReleaseSemaphore, ExFreePool, RtlQueryRegistryValues, IoBuildDeviceIoControlRequest, KeInitializeDpc, KeInitializeTimer, KeCancelTimer, ExfInterlockedInsertTailList, RtlCompareMemory, ExAllocatePoolWithTag, IoFreeIrp, IoInitializeIrp, IoAllocateIrp, InterlockedDecrement, KeSetEvent, InterlockedIncrement, KeInitializeSpinLock, ExfInterlockedRemoveHeadList, KeSetTimer, KeDelayExecutionThread, ExQueueWorkItem<br>&gt; HAL.DLL: KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql<br>&gt; STREAM.SYS: StreamClassRegisterAdapter, StreamClassStreamNotification, StreamClassQueryMasterClockSync, StreamClassDeviceNotification<br>&gt; USBD.SYS: _USBD_ParseConfigurationDescriptorEx@28, _USBD_CreateConfigurationRequestEx@8<br><br>( 0 exports ) <br>

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.1.0 2008.07.01 -
AntiVir 7.8.0.59 2008.07.01 -
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.06.30 -
AVG 7.5.0.516 2008.06.30 -
BitDefender 7.2 2008.07.01 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.01 -
DrWeb 4.44.0.09170 2008.07.01 -
eSafe 7.0.17.0 2008.06.30 -
eTrust-Vet 31.6.5916 2008.07.01 -
Ewido 4.0 2008.06.27 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.06.26 -
Fortinet 3.14.0.0 2008.07.01 -
GData 2.0.7306.1023 2008.07.01 -
Ikarus T3.1.1.26.0 2008.07.01 -
Kaspersky 7.0.0.125 2008.07.01 -
McAfee 5328 2008.06.30 -
Microsoft 1.3704 2008.07.01 -
NOD32v2 3230 2008.07.01 -
Norman 5.80.02 2008.06.30 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.01 -
Rising 20.51.11.00 2008.07.01 -
Sophos 4.30.0 2008.07.01 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.01 -
TheHacker 6.2.96.365 2008.07.01 -
TrendMicro 8.700.0.1004 2008.07.01 -
VBA32 3.12.6.8 2008.06.30 -
VirusBuster 4.5.11.0 2008.06.30 -
Webwasher-Gateway 6.6.2 2008.07.01 -

Information additionnelle
File size: 70632 bytes
MD5...: e120182410e64825ddaaa102a019edb1
SHA1..: 44c418ecbe5eabbfa0c3f178695915afe5806007
SHA256: 0187bf6c8f1479084f01ab2169163d79546e7576d96de49baa33fa13511cdcfc
SHA512: e9def7b6bc469518a9b3f6bb97907c316674cf1450e637da8b66ab8041812a80<br>956823ce37afb32cf56211ce1ee1a054b9b0663b61c2df8510fe5ab51d398ddb
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10718<br>timedatestamp.....: 0x3fc6b712 (Fri Nov 28 02:46:42 2003)<br>machinetype.......: 0x14c (I386)<br><br>( 9 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x340 0x50d0 0x50e0 6.24 38bd96e96c2678f9cf87306ae65a7b00<br>.rdata 0x5420 0x884 0x8a0 3.61 f6d8835e825fc70d143c5c984b4d163e<br>.data 0x5cc0 0x41c0 0x41c0 6.12 f3f89013126d2f559d3659c992bb1f9c<br>PAGE 0x9e80 0x58a9 0x58c0 6.51 327d870d7e72b1fad00a4b9fde94b25a<br>.edata 0xf740 0x33 0x40 2.26 d9e4db480bf72e7d35971574f8186bc0<br>PAGECONS 0xf780 0x80 0x80 5.24 de4af32b141e09bdd09cf567a093373a<br>INIT 0xf800 0x4ea 0x500 5.04 32ea533a4adc147d8e7c8034a3eead05<br>.rsrc 0xfd00 0x3c8 0x3e0 3.34 cdfea7340352362729a1e10f718b28d2<br>.reloc 0x100e0 0x6c2 0x6e0 6.21 1f0baf07f8ab7f6f52644387214f6abc<br><br>( 4 imports ) <br>&gt; NTOSKRNL.EXE: MmMapLockedPages, IoFreeMdl, DbgPrint, IoAllocateMdl, MmUnmapLockedPages, RtlWriteRegistryValue, MmBuildMdlForNonPagedPool, KeWaitForSingleObject, IofCallDriver, KeInitializeSemaphore, KeInitializeEvent, KeReleaseSemaphore, ExFreePool, RtlQueryRegistryValues, IoBuildDeviceIoControlRequest, KeInitializeDpc, KeInitializeTimer, KeCancelTimer, ExfInterlockedInsertTailList, RtlCompareMemory, ExAllocatePoolWithTag, IoFreeIrp, IoInitializeIrp, IoAllocateIrp, InterlockedDecrement, KeSetEvent, InterlockedIncrement, KeInitializeSpinLock, ExfInterlockedRemoveHeadList, KeSetTimer, KeDelayExecutionThread, ExQueueWorkItem<br>&gt; HAL.DLL: KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql<br>&gt; STREAM.SYS: StreamClassRegisterAdapter, StreamClassStreamNotification, StreamClassQueryMasterClockSync, StreamClassDeviceNotification<br>&gt; USBD.SYS: _USBD_ParseConfigurationDescriptorEx@28, _USBD_CreateConfigurationRequestEx@8<br><br>( 0 exports ) <br>

Le voici


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:08, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKLM\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CyberStarter.lnk = C:\Program Files\vtech\CyberStarter\CyberStarter.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5659 bytes

Bonjour, voilà les 2 rapports


ComboFix 08-06-30.2 - Syn@ps9 2008-07-02 10:11:04.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.718 [GMT 2:00]
Endroit: C:\Documents and Settings\Syn@ps9\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Syn@ps9\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE ::
C:\WINDOWS\system32\CF5771.exe
C:\WINDOWS\system32\cuyhioxp.exe
C:\WINDOWS\system32\kdntgtmy.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wupdmgr98.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 17:02 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 09:20 --------- d-----w C:\Program Files\Trend Micro
2008-05-17 08:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 08:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-05-08 08:33 --------- d-----w C:\Program Files\Google
2008-05-07 19:28 --------- d-----w C:\Program Files\Avira
2008-05-07 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-07 08:44 --------- d-----w C:\Program Files\Dofus
2008-05-04 08:18 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
.

((((((((((((((((((((((((((((( snapshot@2008-06-26_11.04.43,25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 08:01:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 08:03:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-28 01:57:44 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{12C2EA2A-AC74-47C8-BF0E-D7771CD95136}.bin
+ 2008-06-29 18:06:54 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{2424AF27-60D7-4169-98DA-893930752BA4}.bin
+ 2008-06-27 13:28:51 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{809414D8-AF38-4349-BEF8-A09FCB3A1BAA}.bin
+ 2008-06-30 13:36:25 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{C1A8C4C6-7635-4187-8284-25A1987E1134}.bin
+ 2008-07-01 23:20:28 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{D18719FA-C48A-4997-8D18-947324B40365}.bin
+ 2008-07-01 01:13:51 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{DFD9369F-0894-4064-BB0F-856083578D5A}.bin
+ 2008-07-01 13:19:16 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{E03242E7-B1DA-4D0F-8234-FC95FEAB0E95}.bin
- 2008-05-27 07:51:29 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{E3CF2B9F-AFE0-4398-A78F-A4FB0DEF97B7}.bin
+ 2008-06-26 17:54:46 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{E3CF2B9F-AFE0-4398-A78F-A4FB0DEF97B7}.bin
+ 2008-06-28 18:08:53 2,620 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{E657D3E8-54FC-4EE7-A5D4-7C40DFAC0891}.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBlock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Jeux Video\\Warcraft III\\Warcraft III.exe"=
"C:\\Jeux Video\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Jeux Video\\Valve\\Steam\\Steam.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\WUpdMgr98.exe"=
"C:\\Program Files\\Client Shiva\\ShivaDsk.exe"=
"C:\\Program Files\\Client Shiva\\SHInfos.exe"=
"C:\\Jeux Video\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Jeux Video\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.2.4-to-1.3.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\team fortress classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\ricochet\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\deathmatch classic\\hl.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\condition zero deleted scenes\\hl.exe"=
"C:\\Jeux Video\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Bureau\\Dossier Client\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe"=
"C:\\Documents and Settings\\Syn@ps9\\Local Settings\\Temporary Internet Files\\Content.IE5\\OB1N22V5\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader[1].exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\day of defeat source\\hl2.exe"=
"C:\\Jeux Video\\Wow\\WoW-1.12.0-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\counter-strike source\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"C:\\Jeux Video\\Valve\\Steam\\SteamApps\\synaps13\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Jeux Video\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmgr.exe"=
"C:\WINDOWS\system32\cuyhioxp.exe"= C:\WINDOWS\system32\cuy
"C:\WINDOWS\system32\kdntgtmy.exe"= C:\WINDOWS\system32\kdn
"C:\\Jeux Video\\World of Warcraft\\WoWTest\\WoW-0.2.0.7153-to-0.2.0.7175-frFR-downloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 JL2005;TRUST SPYC@M 100;C:\WINDOWS\system32\Drivers\toywdm.sys [2003-11-28 11:46]
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495644e1-b206-11db-ac0f-00112f884bd7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa82123e-6c2e-11dc-ad3f-00112f884bd7}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-30 12:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 10:13:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-02 10:20:08
ComboFix-quarantined-files.txt 2008-07-02 08:20:06
ComboFix2.txt 2008-06-28 08:32:35
ComboFix3.txt 2008-06-26 09:58:29
ComboFix4.txt 2008-06-26 09:06:12

Pre-Run: 18,472,202,240 octets libres
Post-Run: 18,465,603,584 octets libres

139


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:31, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CyberStarter.lnk = C:\Program Files\vtech\CyberStarter\CyberStarter.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5256 bytes

Re, je n'ai pas trouvé les 2 lignes dans le Regedit

je t'ai fait un screen



Je fait quand même MBAM?

Sinon j'ai noté une forte amélioration lors du lancement de l'ordinateur et dans les jeu : l'ips est à 40-50 ce qui presque "normal".

Et voilà
j'ai aussi réactivé mon parfeu ce dernier ne l'étant plus .


Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

18:12:04 02/07/2008
mbam-log-7-2-2008 (18-12-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 147215
Time elapsed: 1 hour(s), 41 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WindowsUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WindowsUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\wupdmgr98.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Bonjour, désolé mais j'ai fait 3 fois le scan Kaspersky mais à chaque fois lorsque je clique sur le bouton Enregistrer rapport, internet explorer "plante" et les scans sont très longs je perd mon courage là .


Sinon à la fin de l'analyse il est écrit en vert :"Les sections analysées sont SAINES."

Salut, désolé avec les vacances mes passages sont moins fréquents.

Il y a une amélioration au niveau de l'IPS pendant les jeux, je n'ai plus de soucis avec les vidéos mais l'ordinateur prend encore beaucoup de temps à se lancer, aussi je n'ai pas retrouvé la "forme" de mon pc d'il y a 3 mois

HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:44, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKLM\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CyberStarter.lnk = C:\Program Files\vtech\CyberStarter\CyberStarter.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5800 bytes

Bonjour, tout d'abord; oui j'utilise des "cracks" no-cd pour les jeux vidéo,Gmer n'a rien trouvé donc rien à copier/coller

voici le rapport BDefender

BitDefender Online Scanner - Rapport virus en temps réel







Généré à: Thu, Jul 10, 2008 - 17:21:33









Info d'analyse







Fichiers scannés


54827

Infectés Fichiers


0



Virus Détectés



Aucun virus trouvé.




Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.

Hjthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:33, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKLM\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKCU\..\RunServices: [WindowsUpdate] c:\windows\system32\wupdmgr98.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CyberStarter.lnk = C:\Program Files\vtech\CyberStarter\CyberStarter.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6202 bytes

Bonsoir, l'icone dont tu me parlais n'était pas disponible.


Process.exe;C:\Documents and Settings\Syn@ps9\Bureau\MSNFix\MSNFix\incl;Tool.Prockill;Irréparable.Quarantaine.;
steaminstall.exe;C:\Jeux Video\Valve\Condition Zero;Trojan.DownLoader.2105;Irréparable.Quarantaine.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;Irréparable.Quarantaine.;
vncviewer.exe;C:\Program Files\RealVNC\VNC4;Program.RemoteAdmin.51;Irréparable.Quarantaine.;
A0231022.EXE;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1186;Program.PsExec.170;Irréparable.Quarantaine.;
A0233231.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1189\A0233231.exe;Program.PsExec.171;;
A0233231.exe;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1189;L'archive contient des éléments infectés;Quarantaine.;
A0237875.exe;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1199;Trojan.Click.origin;Irréparable.Quarantaine.;
A0237876.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1199\A0237876.exe;Program.PsExec.171;;
A0237876.exe;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1199;L'archive contient des éléments infectés;Quarantaine.;
A0237961.exe;C:\System Volume Information\_restore{E4D13A01-9735-4DFA-8E8E-CA55287AA1D7}\RP1200;Trojan.DownLoader.2105;Irréparable.Quarantaine.;