Bonsoir,
J'ai fais comme tu dis mais c'était bizarre, l'ordi à redémarré et de drôles de questions de ComboFix... j'espère ne pas avoir fais de gaffe!
J'attends la suite... Merci!
A+
Stéphane


Voici le rapport:


ComboFix 09-01-21.04 - Stephane 2009-01-22 19:18:18.1 - NTFSx86
Lancé depuis: c:\documents and settings\Stephane\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
.

2009-01-21 09:21 . 2009-01-21 09:21 <REP> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-20 16:06 . 2009-01-20 16:06 14,890,811 --a------ C:\upload_moi_NOM-A467A8C8D57.tar.gz
2009-01-19 20:22 . 2009-01-19 20:22 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-19 10:32 . 2009-01-19 10:33 <REP> d-------- c:\program files\Executive Software
2009-01-18 11:36 . 2009-01-18 11:36 <REP> d-------- c:\program files\CodeStuff
2009-01-16 12:33 . 2009-01-18 11:34 <REP> d-------- c:\program files\Advanced StartUp Manager
2009-01-16 12:24 . 2009-01-16 12:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-15 14:00 . 2009-01-15 14:00 <REP> d-------- c:\program files\Trend Micro
2009-01-13 17:26 . 2009-01-13 17:26 <REP> d-------- c:\documents and settings\Stephane\Application Data\OpenOffice.org
2009-01-13 17:23 . 2009-01-13 17:24 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-11 14:00 . 2009-01-14 22:06 <REP> d-------- C:\# Telechargements
2009-01-01 12:06 . 2009-01-01 12:21 <REP> d-------- c:\program files\NOS
2009-01-01 12:06 . 2009-01-01 12:21 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-30 10:44 . 2008-12-30 10:44 <REP> d-------- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-13 20:04 --------- d-----w c:\documents and settings\All Users\Application Data\Quark
2009-01-22 18:10 --------- d-----w c:\documents and settings\Stephane\Application Data\Skype
2009-01-22 17:39 --------- d-----w c:\documents and settings\Stephane\Application Data\skypePM
2009-01-20 10:57 36,410 ----a-w c:\documents and settings\Stephane\Application Data\wklnhst.dat
2009-01-19 19:22 --------- d-----w c:\program files\Java
2009-01-19 08:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 08:56 --------- d-----w c:\program files\Lavasoft
2009-01-19 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 08:54 --------- d-----w c:\program files\a-squared Free
2009-01-14 20:59 --------- d-----w c:\program files\eMule
2009-01-11 13:40 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-30 08:48 --------- d-----w c:\program files\CCleaner
2008-12-16 09:34 --------- d-----w c:\documents and settings\Stephane\Application Data\Canon
2008-12-11 18:48 --------- d-----w c:\program files\LaserSoft
2008-12-11 18:35 --------- d-----w c:\documents and settings\Stephane\Application Data\Lasersoft Imaging
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-27 13:15 --------- d-----w c:\program files\Canon
2008-11-26 16:07 --------- d-----w c:\program files\QuickTime
2008-11-26 15:09 --------- d-----w c:\program files\iTunes
2008-11-26 15:09 --------- d-----w c:\program files\iPod
2008-11-26 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-26 15:09 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-04-18 20:31 74,040 ----a-w c:\documents and settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 06:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-03-17 21:43 8 --sh--r c:\windows\system32\C805D7AFDE.sys
2005-03-17 21:43 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-18 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008081820080819\index.dat
2008-08-18 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-06-25 504080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-22 5517312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 c:\windows\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 19:28 1434864 c:\program files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\Home Cinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2005-03-17 3026]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2005-03-11 1013248]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-03-11 226768]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom;c:\windows\system32\drivers\cben5.sys [2005-03-18 46108]
S3 uxddrv;Dynamically loaded UxdDrv;\??\c:\documents and settings\All Users\Bureau\WinStress\uxddrv.sys --> c:\documents and settings\All Users\Bureau\WinStress\uxddrv.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ccad66-6d21-11dd-9b73-0012f013ed40}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730779c-ff93-11db-ac3e-000325242965}]
\Shell\AutoRun\command - G:\WinStressCopie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4091a4-a442-11d9-b4b5-000e35e0c54c}]
\Shell\AutoRun\command - G:\OEMBranding.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f5874c-d58b-11dd-9cb2-0012f013ed40}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb400e49-a45a-11d9-b278-000e35e0c54c}]
\Shell\AutoRun\command - H:\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-17 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-SmartBtn - c:\program files\smartbutton\smartbtn.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.talti.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.coupdepoucepc.com/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Stephane\Application Data\Mozilla\Firefox\Profiles\jbg2krtt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 19:23:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\program files\CA\eTrust Antivirus\InoRpc.exe
c:\program files\CA\eTrust Antivirus\InoRT.exe
c:\program files\CA\eTrust Antivirus\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\CA\SHARED~1\SCANEN~1\Inodist.exe
c:\windows\system32\slserv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-01-22 19:27:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-22 18:27:29

Avant-CF: 6.933.245.952 octets libres
Après-CF: 6,834,843,648 octets libres

191 --- E O F --- 2009-01-14 08:47:53

Bonjour Nono,

Je n'insère pas bcp de clé USB mais ça m'arrive 1X par mois peut-etre!

G:\AutoTransfer.exe; G:\WinStressCopie.exe; G:\OEMBranding.exe; G:\auto.exe; G:\EmDesk.exe ;H:\setup.exe
Je ne sais absolument pas quels sont ces programmes! De plus G:/ est mon disque dure externe qui ne sert qu'a mes sauvegardes!

De plus, je fais +- attention lorsque j'installe des chose sur mon PC!

Je n'ai pas trouvé SpeedUpMyPC 3 dans program files et je ne sais pas (ou plus) ce que c'est !!!???

Je vois aussi que j'ai encore Spyboot, Lavasoft,... dans Program files alors que je l'es ai désinstallé lorsque tu me l'as demandé!
Tu m'embrouilles un peu, je ne sais plus quoi faire et où j'en suis avec le PC!

HELP!

A+
Stéphane

Bonjour nono 54,
Juste pour savoir si c'est normal que tu ne m'a pas encore répondu...?
As tu besoin d'autre info? Je ne sais vraiment pas ce que c'est les .exe!!!
T'aillant donné de mes nouvelles, j'attends tjs des tiennes news pour savoir se que je dois faire???
MERCI
A+
StèPh

bonjour

alors desolé pour le temps de reponse :c'etait le week

alors on va passer au nettoyage:

 

 desactive ton antivirus et d'internet

Télécharge Combofix sUBs : Combofix.exe
et met le sur ton bureau.ne le lance surtout pas!!

tu va crée un nouveau fichier texte sur ton bureau:clic droit,document texte et
copie ce qui suit:
Citation :

Enregistre ce fichier sous le nom CFScript
Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
Ne pas utiliser en dehors de ce cas de figure : dangereux et enorme risque de plantage de la machine!!!

 

il faudrait que tu suprime les taches planifiées que tu a sur ta machine:

menu demarrer> panneau de configuration>taches planifiées.

 et la tu suprime tout

redonne de tes news et le rapport combofix

a+

Bonsoir,
Pas de problème pour le tps de réponse...

J'ai fais comme tu as dis, pas de problème. Aaah si il m'a fait téléchargé je sais plus trop quoi chez Microsoft...?
Et après le scanne j'ai supprimé les 2 ou 3 taches planifiées qu'il y avait sauf "création d'une tache planifiée" qui ne supprime pas mais je pense que c'est normal.
Voila encore une chose de faite... j'attends la suite... MERCI beaucoup!
Bonne soirée!
Stéphane


Voici donc le rapport combofix:

ComboFix 09-01-21.04 - Stephane 2009-01-26 18:21:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.502 [GMT 1:00]
Lancé depuis: c:\documents and settings\Stephane\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Stephane\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.

2009-01-21 09:21 . 2009-01-21 09:21 <REP> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-20 16:06 . 2009-01-20 16:06 14,890,811 --a------ C:\upload_moi_NOM-A467A8C8D57.tar.gz
2009-01-19 20:22 . 2009-01-19 20:22 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-19 10:32 . 2009-01-19 10:33 <REP> d-------- c:\program files\Executive Software
2009-01-18 11:36 . 2009-01-18 11:36 <REP> d-------- c:\program files\CodeStuff
2009-01-16 12:33 . 2009-01-18 11:34 <REP> d-------- c:\program files\Advanced StartUp Manager
2009-01-16 12:24 . 2009-01-16 12:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-15 14:00 . 2009-01-15 14:00 <REP> d-------- c:\program files\Trend Micro
2009-01-13 17:26 . 2009-01-13 17:26 <REP> d-------- c:\documents and settings\Stephane\Application Data\OpenOffice.org
2009-01-13 17:23 . 2009-01-13 17:24 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-11 14:00 . 2009-01-14 22:06 <REP> d-------- C:\# Telechargements
2009-01-01 12:06 . 2009-01-01 12:21 <REP> d-------- c:\program files\NOS
2009-01-01 12:06 . 2009-01-01 12:21 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-30 10:44 . 2008-12-30 10:44 <REP> d-------- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-13 20:04 --------- d-----w c:\documents and settings\All Users\Application Data\Quark
2009-01-26 15:12 --------- d-----w c:\documents and settings\Stephane\Application Data\Skype
2009-01-26 15:05 --------- d-----w c:\documents and settings\Stephane\Application Data\skypePM
2009-01-26 10:36 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-20 10:57 36,410 ----a-w c:\documents and settings\Stephane\Application Data\wklnhst.dat
2009-01-19 19:22 --------- d-----w c:\program files\Java
2009-01-19 08:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 08:56 --------- d-----w c:\program files\Lavasoft
2009-01-19 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 08:54 --------- d-----w c:\program files\a-squared Free
2009-01-14 20:59 --------- d-----w c:\program files\eMule
2008-12-30 08:48 --------- d-----w c:\program files\CCleaner
2008-12-16 09:34 --------- d-----w c:\documents and settings\Stephane\Application Data\Canon
2008-12-11 18:48 --------- d-----w c:\program files\LaserSoft
2008-12-11 18:35 --------- d-----w c:\documents and settings\Stephane\Application Data\Lasersoft Imaging
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-27 13:15 --------- d-----w c:\program files\Canon
2008-11-26 16:07 --------- d-----w c:\program files\QuickTime
2008-11-26 15:09 --------- d-----w c:\program files\iTunes
2008-11-26 15:09 --------- d-----w c:\program files\iPod
2008-11-26 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-26 15:09 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-04-18 20:31 74,040 ----a-w c:\documents and settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 06:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-03-17 21:43 8 --sh--r c:\windows\system32\C805D7AFDE.sys
2005-03-17 21:43 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-18 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008081820080819\index.dat
2008-08-18 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_19.26.24.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 02:33:53 190,464 -c--a-w c:\windows\system32\dllcache\accwiz.exe
+ 2008-04-14 02:33:59 15,360 -c--a-w c:\windows\system32\dllcache\ctfmon.exe
+ 2008-04-14 02:34:06 218,624 -c--a-w c:\windows\system32\dllcache\icwconn1.exe
+ 2008-04-14 02:34:07 20,480 -c--a-w c:\windows\system32\dllcache\inetwiz.exe
+ 2009-01-26 13:45:23 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-06-25 504080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-22 5517312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 c:\windows\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 19:28 1434864 c:\program files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\Home Cinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2005-03-17 3026]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2005-03-11 1013248]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-03-11 226768]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom;c:\windows\system32\drivers\cben5.sys [2005-03-18 46108]
S3 uxddrv;Dynamically loaded UxdDrv;\??\c:\documents and settings\All Users\Bureau\WinStress\uxddrv.sys --> c:\documents and settings\All Users\Bureau\WinStress\uxddrv.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ccad66-6d21-11dd-9b73-0012f013ed40}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730779c-ff93-11db-ac3e-000325242965}]
\Shell\AutoRun\command - G:\WinStressCopie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4091a4-a442-11d9-b4b5-000e35e0c54c}]
\Shell\AutoRun\command - G:\OEMBranding.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f5874c-d58b-11dd-9cb2-0012f013ed40}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb400e49-a45a-11d9-b278-000e35e0c54c}]
\Shell\AutoRun\command - H:\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-17 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.talti.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.coupdepoucepc.com/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Stephane\Application Data\Mozilla\Firefox\Profiles\jbg2krtt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 18:22:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-26 18:24:59
ComboFix-quarantined-files.txt 2009-01-26 17:24:27
ComboFix2.txt 2009-01-22 18:27:46

Avant-CF: 7.576.047.616 octets libres
Après-CF: 7,596,163,072 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP �dition familiale" /noexecute=optin /fastdetect

173 --- E O F --- 2009-01-14 08:47:53

bonsoir

alors essaye avec un nouveau fichier texte,j'ai du mal avec les nouvelles commandes du logiciel.

 

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ccad66-6d21-11dd-9b73-0012f013ed40}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730779c-ff93-11db-ac3e-000325242965}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4091a4-a442-11d9-b4b5-000e35e0c54c}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f5874c-d58b-11dd-9cb2-0012f013ed40}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb400e49-a45a-11d9-b278-000e35e0c54c}]

 voiiila

a+

Bon matin,
Encore une autre chose de faite...
Tu pourras me faire un p'ti résumé de ce que je (tu) fais sur le PC...
MERCI beaucoup!
A plus tard
S.


Je te redonne donc le nouveau rapport combofix:


ComboFix 09-01-21.04 - Stephane 2009-01-27 10:13:36.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.602 [GMT 1:00]
Lancé depuis: c:\documents and settings\Stephane\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Stephane\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
.

2009-01-21 09:21 . 2009-01-21 09:21 <REP> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-20 16:06 . 2009-01-20 16:06 14,890,811 --a------ C:\upload_moi_NOM-A467A8C8D57.tar.gz
2009-01-19 20:22 . 2009-01-19 20:22 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-19 10:32 . 2009-01-19 10:33 <REP> d-------- c:\program files\Executive Software
2009-01-18 11:36 . 2009-01-18 11:36 <REP> d-------- c:\program files\CodeStuff
2009-01-16 12:33 . 2009-01-18 11:34 <REP> d-------- c:\program files\Advanced StartUp Manager
2009-01-16 12:24 . 2009-01-16 12:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-15 14:00 . 2009-01-15 14:00 <REP> d-------- c:\program files\Trend Micro
2009-01-13 17:26 . 2009-01-13 17:26 <REP> d-------- c:\documents and settings\Stephane\Application Data\OpenOffice.org
2009-01-13 17:23 . 2009-01-13 17:24 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-11 14:00 . 2009-01-14 22:06 <REP> d-------- C:\# Telechargements
2009-01-01 12:06 . 2009-01-01 12:21 <REP> d-------- c:\program files\NOS
2009-01-01 12:06 . 2009-01-01 12:21 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-30 10:44 . 2008-12-30 10:44 <REP> d-------- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-13 20:04 --------- d-----w c:\documents and settings\All Users\Application Data\Quark
2009-01-26 15:12 --------- d-----w c:\documents and settings\Stephane\Application Data\Skype
2009-01-26 15:05 --------- d-----w c:\documents and settings\Stephane\Application Data\skypePM
2009-01-26 10:36 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-20 10:57 36,410 ----a-w c:\documents and settings\Stephane\Application Data\wklnhst.dat
2009-01-19 19:22 --------- d-----w c:\program files\Java
2009-01-19 08:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 08:56 --------- d-----w c:\program files\Lavasoft
2009-01-19 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 08:54 --------- d-----w c:\program files\a-squared Free
2009-01-14 20:59 --------- d-----w c:\program files\eMule
2008-12-30 08:48 --------- d-----w c:\program files\CCleaner
2008-12-16 09:34 --------- d-----w c:\documents and settings\Stephane\Application Data\Canon
2008-12-11 18:48 --------- d-----w c:\program files\LaserSoft
2008-12-11 18:35 --------- d-----w c:\documents and settings\Stephane\Application Data\Lasersoft Imaging
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-27 13:15 --------- d-----w c:\program files\Canon
2008-04-18 20:31 74,040 ----a-w c:\documents and settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
2008-04-09 06:35 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-03-17 21:43 8 --sh--r c:\windows\system32\C805D7AFDE.sys
2005-03-17 21:43 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-18 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008081820080819\index.dat
2008-08-18 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_19.26.24.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 02:33:53 190,464 -c--a-w c:\windows\system32\dllcache\accwiz.exe
+ 2008-04-14 02:33:59 15,360 -c--a-w c:\windows\system32\dllcache\ctfmon.exe
+ 2008-04-14 02:34:06 218,624 -c--a-w c:\windows\system32\dllcache\icwconn1.exe
+ 2008-04-14 02:34:07 20,480 -c--a-w c:\windows\system32\dllcache\inetwiz.exe
+ 2009-01-27 08:42:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_77c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-06-25 504080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-22 5517312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 c:\windows\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 19:28 1434864 c:\program files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\Home Cinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2005-03-17 3026]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2005-03-11 1013248]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-03-11 226768]
S3 CBEN5;Pilote de la famille de carte CardBus Ethernet 10/100 Xircom;c:\windows\system32\drivers\cben5.sys [2005-03-18 46108]
S3 uxddrv;Dynamically loaded UxdDrv;\??\c:\documents and settings\All Users\Bureau\WinStress\uxddrv.sys --> c:\documents and settings\All Users\Bureau\WinStress\uxddrv.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ccad66-6d21-11dd-9b73-0012f013ed40}]
\Shell\AutoRun\command - G:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8730779c-ff93-11db-ac3e-000325242965}]
\Shell\AutoRun\command - G:\WinStressCopie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4091a4-a442-11d9-b4b5-000e35e0c54c}]
\Shell\AutoRun\command - G:\OEMBranding.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f5874c-d58b-11dd-9cb2-0012f013ed40}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\EmDesk\command - G:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb400e49-a45a-11d9-b278-000e35e0c54c}]
\Shell\AutoRun\command - H:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.talti.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.coupdepoucepc.com/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Stephane\Application Data\Mozilla\Firefox\Profiles\jbg2krtt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 10:16:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-27 10:19:04
ComboFix-quarantined-files.txt 2009-01-27 09:18:29
ComboFix2.txt 2009-01-26 17:25:00
ComboFix3.txt 2009-01-22 18:27:46

Avant-CF: 7.593.820.160 octets libres
Après-CF: 7,582,437,376 octets libres

154 --- E O F --- 2009-01-14 08:47:53

Bon matin,
Voici le rapport hijackthis:
Bonne journée...
A+
S.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:43, on 28/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe " -s
O4 - HKLM\..\Run: [AlcWzrd] "ALCWZRD.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.coupdepoucepc.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com ... eb_site.cab?1111072138312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9076 bytes