
cmpbk32 virus problem

Last reply on 10 Nov 2009 at 22:37:44. Posted by caro384 on 10 Nov 2009 at 14:05:14

Hello,
I have to fix a friend's laptop and I'm stuck, even though I'm somewhat used to dealing with this c***.
So if anyone can help, it would be welcome. Here is the HijackThis log:

The problem (at least one of the problems) is on the O20 lines: C:\WINDOWS\System32\cmpbk323232.dll
This file regenerates every time it is moved or renamed. It is launched at every startup, so it is impossible to delete, even in Safe Mode. When the startup registry key is deleted, it is recreated immediately, and neither Avira nor any anti-rootkit tool has managed to remove it. Note: I'm on my own PC right now, but the computer in question is not connected to the internet at the moment. I have a USB stick to download whatever I need. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:52, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Acer\Bureau\Securite\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {027092D7-DC10-4B68-836D-4BC6350D56A0} - (no file)
O2 - BHO: (no name) - {04E125AF-DC10-4B68-836D-4BC6350D56A0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmpbk323232.dll
O20 - Winlogon Notify: 7431ee8b689 - C:\WINDOWS\System32\cmpbk323232.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 9488 bytes

Configuration: Windows XP

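The two O20 lines are the part of the log worth isolating. A DLL named in AppInit_DLLs is mapped by user32.dll into every process that loads user32 (nearly every GUI process), and a DLL named under a Winlogon Notify subkey is loaded by winlogon.exe at logon, before the user's shell starts. A DLL registered in both places is therefore resident from the first logon onward, which fits the behaviour described above: whatever deletes the file or the value from inside the running session can be undone by the copy that is still mapped. The script below is an added example, not part of the thread and not HijackThis code; it pulls the O2 and O20 entries out of a HijackThis log and flags DLLs that appear in both O20 mechanisms or whose Notify subkey name looks machine-generated, as 7431ee8b689 does next to the vendor's AWinNotifyVitaKey MC3000. The sample log is constructed from the lines posted above, and the hex-name heuristic is an assumption of this example, not a rule from the tool.

```python
"""Triage of HijackThis O2/O20 entries.  Added example, not HijackThis code.

O20 - AppInit_DLLs   : user32.dll maps the listed DLLs into every process that
                       loads user32 (nearly every GUI process).
O20 - Winlogon Notify: winlogon.exe loads the DLL named under each Notify
                       subkey at logon, before the user's shell starts.
A DLL registered in both places is resident from the first logon onward, so
anything that deletes the file or the value from inside the running session
can be undone by the copy that is still mapped.
"""
import re
from collections import defaultdict

# Constructed sample: the O2 and O20 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {027092D7-DC10-4B68-836D-4BC6350D56A0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmpbk323232.dll
O20 - Winlogon Notify: 7431ee8b689 - C:\WINDOWS\System32\cmpbk323232.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>.*?) - (?P<path>.*)$")

# Heuristic of this example (not a HijackThis rule): vendor Notify subkeys carry
# readable names, so a subkey that is nothing but 8+ hex digits is worth a look.
RANDOM_HEX_RE = re.compile(r"^[0-9a-f]{8,}$")


def parse_hijackthis(text):
    """Extract orphaned BHO CLSIDs, AppInit_DLLs paths and Winlogon Notify entries."""
    orphan_bhos, appinit_dlls, notify_entries = [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":      # CLSID still registered, DLL gone
                orphan_bhos.append(m.group("clsid"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # The registry value is a space- or comma-separated list; paths with
            # embedded spaces have to be given as 8.3 names, so splitting is safe.
            appinit_dlls.extend(p for p in re.split(r"[ ,]+", m.group("value")) if p)
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_entries.append((m.group("subkey"), m.group("path")))
    return orphan_bhos, appinit_dlls, notify_entries


def _norm(path):
    return path.strip().lower()


def triage(text):
    """Return orphaned BHOs and, per DLL, the reasons its O20 registration is suspect."""
    orphan_bhos, appinit_dlls, notify_entries = parse_hijackthis(text)
    appinit = {_norm(p) for p in appinit_dlls}
    reasons = defaultdict(list)
    for p in appinit:
        reasons[p].append("loaded into every process via AppInit_DLLs")
    for subkey, path in notify_entries:
        key = _norm(path)
        if key in appinit:
            reasons[key].append("also loaded by winlogon.exe via Notify\\" + subkey)
        if RANDOM_HEX_RE.match(subkey.lower()):
            reasons[key].append("Notify subkey name looks machine-generated: " + subkey)
    return {"orphan_bhos": orphan_bhos, "suspect_dlls": dict(reasons)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for clsid in report["orphan_bhos"]:
        print("orphaned BHO {%s}: CLSID registered but DLL missing" % clsid)
    for dll, why in report["suspect_dlls"].items():
        print(dll)
        for w in why:
            print("   -", w)
```

Run against a saved HijackThis log with `triage(open("hijackthis.log").read())`. The orphaned BHO CLSIDs are harmless leftovers to clean up; the DLL that comes back with all three reasons is the one to get a hash and a VirusTotal verdict for, and it has to be removed while it is not loaded, which is why the fix cannot be done from the infected session.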

1

jlpjlp, 10 Nov 2009 at 14:07:34

Hi. Only one antivirus per computer: remove NOD32 or AntiVir.

__________________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware guard.

Copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


2

caro384, 10 Nov 2009 at 14:50:04

Here is the report.
Thanks for your help!

ComboFix 09-11-09.01 - Acer 10/11/2009 14:24:43.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3001.2462 [GMT 1:00]
Running from: F:\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Resident AV is active


WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Acer\Application Data\02000000de1afc32689C.manifest
C:\Documents and Settings\Acer\Application Data\02000000de1afc32689O.manifest
C:\Documents and Settings\Acer\Application Data\02000000de1afc32689P.manifest
C:\Documents and Settings\Acer\Application Data\02000000de1afc32689S.manifest
C:\Documents and Settings\Administrateur\Application Data\02000000de1afc32689C.manifest
C:\Documents and Settings\Administrateur\Application Data\02000000de1afc32689O.manifest
C:\Documents and Settings\Administrateur\Application Data\02000000de1afc32689P.manifest
C:\Documents and Settings\Administrateur\Application Data\02000000de1afc32689S.manifest
C:\Documents and Settings\carl\Application Data\02000000de1afc32689C.manifest
C:\Documents and Settings\carl\Application Data\02000000de1afc32689O.manifest
C:\Documents and Settings\carl\Application Data\02000000de1afc32689P.manifest
C:\Documents and Settings\carl\Application Data\02000000de1afc32689S.manifest
C:\WINDOWS\Suyin.reg
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\COMADDIN32.DLL
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
D:\install.exe

.
((((((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 ))))))))))))))))))))))))))))))))))))
.

2009-11-10 13:18:55 . 2009-11-10 13:22:37 0 d-----w- C:\32788R22FWJFW
2009-11-10 11:49:20 . 2009-06-18 11:55:41 18816 ------w- C:\WINDOWS\system32\SAVRKBootTasks.sys
2009-11-10 11:24:33 . 2009-11-10 11:24:41 0 d-----w- C:\rsit
2009-11-08 10:13:07 . 2009-11-08 10:12:03 512096 ----a-w- C:\WINDOWS\system32\drivers\amon.sys
2009-11-08 10:13:07 . 2009-11-08 10:12:03 298104 ----a-w- C:\WINDOWS\system32\imon.dll
2009-11-08 10:13:07 . 2009-11-08 10:12:02 15424 ----a-w- C:\WINDOWS\system32\drivers\nod32drv.sys
2009-11-08 10:12:00 . 2009-11-08 12:12:33 0 d-----w- C:\Program Files\ESET
2009-11-07 15:56:21 . 2009-11-07 15:56:21 0 d--h--w- C:\WINDOWS\PIF
2009-11-03 20:23:59 . 2009-11-03 20:23:59 0 d-----w- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-11-02 21:43:17 . 2009-09-10 13:54:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-11-02 21:43:15 . 2009-09-10 13:53:50 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-11-02 21:43:11 . 2009-11-02 21:43:21 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-02 21:34:37 . 2009-11-02 21:34:38 0 d-----w- C:\Program Files\CCleaner
2009-11-01 14:02:52 . 2009-11-01 14:05:24 0 d-----w- C:\Documents and Settings\Acer\Application Data\GetRightToGo
2009-11-01 14:01:29 . 2009-11-01 14:01:29 0 d-----w- C:\Documents and Settings\Acer\Local Settings\Application Data\Threat Expert
2009-10-31 18:30:03 . 2009-10-31 18:30:03 0 d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2009-10-31 18:24:14 . 2009-11-02 21:22:36 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-23 06:49:00 . 2009-10-23 06:49:00 0 d-----w- C:\Documents and Settings\Acer\Local Settings\Application Data\Identities
2009-10-23 06:18:12 . 2009-10-23 18:04:36 0 d-----w- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-23 06:18:10 . 2009-10-23 18:22:01 179792 ----a-w- C:\WINDOWS\system32\guard32.dll
2009-10-23 06:18:10 . 2009-10-23 18:21:59 87104 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
2009-10-23 06:18:10 . 2009-10-23 18:21:57 25160 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
2009-10-23 06:18:10 . 2009-10-23 18:21:55 132296 ----a-w- C:\WINDOWS\system32\drivers\cmdguard.sys
2009-10-23 05:33:12 . 2009-10-23 05:33:12 0 d-----w- C:\Documents and Settings\Acer\Application Data\Malwarebytes
2009-10-22 20:36:11 . 2009-10-22 20:36:13 0 d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2009-10-22 20:09:55 . 2009-10-22 20:09:55 0 d-----w- C:\Documents and Settings\carl\Application Data\Malwarebytes
2009-10-22 20:09:46 . 2009-10-22 20:09:46 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-22 19:50:50 . 2008-04-14 21:00:00 42577 -c--a-w- C:\WINDOWS\system32\dllcache\bckgzm.exe
2009-10-22 19:34:41 . 2009-10-22 19:34:41 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-22 18:33:26 . 2009-11-10 11:29:48 0 d-----w- C:\Program Files\Sophos
2009-10-21 22:38:48 . 2006-05-24 11:36:46 110592 ----a-w- C:\Documents and Settings\carl\Application Data\U3\temp\cleanup.exe
2009-10-21 21:59:14 . 2009-10-21 22:42:01 0 d-----w- C:\Documents and Settings\carl\Application Data\U3
2009-10-21 21:26:55 . 2009-11-10 12:28:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 21:26:55 . 2009-11-04 22:57:16 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-10-20 19:03:54 . 2009-10-20 19:58:11 0 d-----w- C:\Documents and Settings\Acer\Local Settings\Application Data\Tific
2009-10-20 19:03:50 . 2009-10-20 19:03:50 0 d-----w- C:\Documents and Settings\Acer\Application Data\Tific
2009-10-20 19:03:48 . 2009-10-20 19:03:48 0 d-----w- C:\Documents and Settings\Acer\Local Settings\Application Data\Symantec
2009-10-20 18:41:24 . 2009-10-21 17:59:11 0 d-----w- C:\Program Files\Fichiers communs\Symantec Shared
2009-10-20 18:41:04 . 2009-10-21 17:58:12 0 d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2009-10-20 18:40:51 . 2009-10-20 18:40:55 0 d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-10-20 18:26:43 . 2009-10-20 18:26:43 0 d-----w- C:\Documents and Settings\carl\Application Data\TuneUp Software
2009-10-20 18:03:26 . 2009-10-20 18:10:41 0 d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-15 22:11:04 . 2009-10-15 22:11:04 0 d-----w- C:\Documents and Settings\Acer\Local Settings\Application Data\COMODO
2009-10-15 20:50:13 . 2008-04-14 21:00:00 26624 ----a-w- C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-15 18:26:03 . 2009-11-10 12:58:47 121856 ----a-w- C:\WINDOWS\system32\cmpbk323232.dll
2009-10-11 19:25:51 . 2009-10-11 19:25:51 0 d-----w- C:\Program Files\Microsoft

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 13:36:58 . 2009-05-16 15:00:03 1474832 ----a-w- C:\WINDOWS\system32\drivers\sfi.dat
2009-11-10 13:16:30 . 2009-04-11 15:31:55 12 ----a-w- C:\WINDOWS\bthservsdp.dat
2009-10-31 18:38:31 . 2009-05-19 08:10:16 0 d-----w- C:\Program Files\Mozilla Thunderbird
2009-10-25 06:23:36 . 2008-09-19 02:29:14 585368 ----a-w- C:\WINDOWS\system32\perfh00C.dat
2009-10-25 06:23:36 . 2008-09-19 02:29:14 112460 ----a-w- C:\WINDOWS\system32\perfc00C.dat
2009-10-23 18:11:09 . 2009-08-12 14:25:05 0 d-----w- C:\Program Files\TuneUp Utilities 2009
2009-10-23 06:19:52 . 2009-05-16 13:43:22 0 d-----w- C:\Program Files\Comodo
2009-10-21 20:02:59 . 2009-05-16 15:43:45 0 d-----w- C:\Documents and Settings\Acer\Application Data\LimeWire
2009-10-20 17:40:11 . 2009-05-19 07:06:24 0 d-----w- C:\Documents and Settings\Acer\Application Data\U3
2009-10-20 06:33:18 . 2009-08-12 13:40:41 0 d-----w- C:\Documents and Settings\Acer\Application Data\Comodo
2009-10-20 06:13:46 . 2008-09-19 01:49:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-12 15:36:03 . 2009-04-11 15:17:06 0 d-----w- C:\Program Files\Launch Manager
2009-10-03 06:24:46 . 2009-10-03 06:24:46 0 d-----w- C:\Documents and Settings\Acer\Application Data\Ethereal
2009-09-29 18:30:33 . 2009-05-18 12:54:30 0 d-----w- C:\Program Files\Sony
2009-09-23 18:12:10 . 2009-09-23 18:12:10 362240 ----a-w- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-09-13 08:29:03 . 2009-09-13 08:29:03 0 d-----w- C:\Program Files\WinPcap
2009-09-11 14:18:20 . 2008-04-14 21:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 21:04:39 . 2008-04-14 21:00:00 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-08-29 07:28:35 . 2007-08-13 16:54:10 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-08-29 07:28:23 . 2008-04-14 21:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-08-29 07:28:22 . 2008-04-14 21:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-08-26 08:01:24 . 2008-04-14 21:00:00 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll
2009-08-19 21:02:27 . 2008-09-19 02:25:10 90360 ----a-w- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 14:55:46 . 2009-08-12 14:55:46 152576 ----a-w- C:\Documents and Settings\Acer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-09 15:41:00 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-09 15:11:00 1028096]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 15:54:40 178712]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 11:39:28 466944]
"Boot"="C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 01:17:20 579584]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-04-11 15:26:38 3686400]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-07-10 00:48:00 150040]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-07-10 00:48:00 170520]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-07-10 00:48:00 141848]
"eRecoveryService"="C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 12:07:46 421888]
"COMODO Internet Security"="C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" [2009-10-23 18:21:02 1799952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 21:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 21:00:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 21:00:00 59392]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2008-07-09 15:42:00 16862208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - C:\WINDOWS\system32\bthprops.cpl [2008-04-14 21:00:00 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 21:00:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 23:01:00 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7431ee8b689]
2009-11-10 12:58:47 121856 ----a-w- C:\WINDOWS\system32\cmpbk323232.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-04-11 15:26:52 3077120 ----a-w- C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll


3

jlpjlp, 10 Nov 2009 at 14:55:06

The ComboFix report is incomplete!

Post the complete one.

Then

scan this file on VirusTotal to check it, and paste the report: http://www.virustotal.com/fr/

C:\WINDOWS\system32\cmpbk323232.dll

and

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue at the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised in the taskbar).

NB: the reports are saved in the C:\rsit folder.

I'm setting this aside:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7431ee8b689]
2009-11-10 12:58:47 121856 ----a-w- C:\WINDOWS\system32\cmpbk323232.dll

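jlpjlp asks for a VirusTotal report on C:\WINDOWS\system32\cmpbk323232.dll. Since the laptop is offline, the practical route is to compute the file's hashes on it (running the script from the USB stick) and look them up from another machine, or carry the file across to upload it. The Python below is an added example, not part of the thread: it hashes a file with MD5, SHA-1 and SHA-256, any of which VirusTotal can be searched by, and reads the PE header's TimeDateStamp, the link time claimed by the compiler, so it can be compared with the 2009-10-15 18:26 creation time ComboFix lists for the DLL. `build_fake_pe` assembles a constructed stand-in image so the block runs without the real sample; nothing about the actual DLL's contents is asserted here, and the stamp value is a chosen constant, not data from the infected machine.

```python
"""Offline triage of a suspect DLL: hashes for a VirusTotal lookup and the
PE link timestamp.  Added example; it does not analyse the real file."""
import datetime
import hashlib
import struct


def file_hashes(data):
    """MD5/SHA-1/SHA-256 of a byte string; any of these can be searched on VirusTotal."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_link_time(data):
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime.

    The field is written by the linker and can be forged, so treat it as a
    hint to compare with on-disk timestamps, not as evidence on its own.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)   # IMAGE_DOS_HEADER.e_lfanew
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER follows the signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, pe_offset + 8)
    return datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)


def build_fake_pe(stamp):
    """Constructed stand-in: a DOS header that points at a PE signature and a
    20-byte COFF header carrying `stamp`.  Enough for pe_link_time(); it is
    not a loadable image and is not derived from cmpbk323232.dll."""
    pe_offset = 0x80
    dos = bytearray(pe_offset)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_offset)
    coff = struct.pack("<HHIIIHH",
                       0x014C,   # Machine: IMAGE_FILE_MACHINE_I386
                       1,        # NumberOfSections
                       stamp,    # TimeDateStamp
                       0, 0,     # PointerToSymbolTable, NumberOfSymbols
                       0xE0,     # SizeOfOptionalHeader (PE32)
                       0x2102)   # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    return bytes(dos) + b"PE\0\0" + coff


def triage_file(path):
    """Hash a real file from disk and read its link time (run this from the USB stick)."""
    with open(path, "rb") as fh:
        data = fh.read()
    report = file_hashes(data)
    report["link_time"] = pe_link_time(data).isoformat()
    return report


if __name__ == "__main__":
    # Chosen constant: 2009-10-15 18:26:03 UTC, the date ComboFix shows as the
    # DLL's creation time (its log is in local time, GMT+1; the offset is ignored here).
    sample = build_fake_pe(1255631163)
    print(file_hashes(sample))
    print(pe_link_time(sample))
```

On the infected machine, `triage_file(r"C:\WINDOWS\system32\cmpbk323232.dll")` gives the three hashes to search on VirusTotal before deciding whether to upload the file. A link time far from the on-disk creation time is only a hint, since the stamp is attacker-controlled, but a file dropped into System32 that claims to have been linked minutes before it appeared is one more reason to treat it as the infection rather than a system component.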

4

caro384, 10 Nov 2009 at 15:09:46

Sorry, I re-ran ComboFix because it had evidently stopped before the end. Here is the complete report:
ComboFix 09-11-09.01 - Acer 10/11/2009 14:53.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3001.2469 [GMT 1:00]
Running from: F:\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Resident AV is active


WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Acer\Application Data\02000000de1afc32689C.manifest
c:\documents and settings\Acer\Application Data\02000000de1afc32689O.manifest
c:\documents and settings\Acer\Application Data\02000000de1afc32689P.manifest
c:\documents and settings\Acer\Application Data\02000000de1afc32689S.manifest
.
---- Previous Run -------
.
c:\documents and settings\Acer\Application Data\02000000de1afc32689C.manifest
c:\documents and settings\Acer\Application Data\02000000de1afc32689O.manifest
c:\documents and settings\Acer\Application Data\02000000de1afc32689P.manifest
c:\documents and settings\Acer\Application Data\02000000de1afc32689S.manifest
c:\documents and settings\Administrateur\Application Data\02000000de1afc32689C.manifest
c:\documents and settings\Administrateur\Application Data\02000000de1afc32689O.manifest
c:\documents and settings\Administrateur\Application Data\02000000de1afc32689P.manifest
c:\documents and settings\Administrateur\Application Data\02000000de1afc32689S.manifest
c:\documents and settings\carl\Application Data\02000000de1afc32689C.manifest
c:\documents and settings\carl\Application Data\02000000de1afc32689O.manifest
c:\documents and settings\carl\Application Data\02000000de1afc32689P.manifest
c:\documents and settings\carl\Application Data\02000000de1afc32689S.manifest
c:\windows\Suyin.reg
c:\windows\system32\1.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\COMADDIN32.DLL
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\install.exe

.
((((((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 ))))))))))))))))))))))))))))))))))))
.

2009-11-10 11:49 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-11-10 11:24 . 2009-11-10 11:24 -------- d-----w- C:\rsit
2009-11-08 10:13 . 2009-11-08 10:12 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-11-08 10:13 . 2009-11-08 10:12 298104 ----a-w- c:\windows\system32\imon.dll
2009-11-08 10:13 . 2009-11-08 10:12 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-11-08 10:12 . 2009-11-08 12:12 -------- d-----w- c:\program files\ESET
2009-11-07 15:56 . 2009-11-07 15:56 -------- d--h--w- c:\windows\PIF
2009-11-03 20:23 . 2009-11-03 20:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-11-02 21:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 21:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 21:43 . 2009-11-02 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 21:34 . 2009-11-02 21:34 -------- d-----w- c:\program files\CCleaner
2009-11-01 14:02 . 2009-11-01 14:05 -------- d-----w- c:\documents and settings\Acer\Application Data\GetRightToGo
2009-11-01 14:01 . 2009-11-01 14:01 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\Threat Expert
2009-10-31 18:30 . 2009-10-31 18:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-10-31 18:24 . 2009-11-02 21:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-23 06:49 . 2009-10-23 06:49 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\Identities
2009-10-23 06:18 . 2009-10-23 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-10-23 06:18 . 2009-10-23 18:22 179792 ----a-w- c:\windows\system32\guard32.dll
2009-10-23 06:18 . 2009-10-23 18:21 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-23 06:18 . 2009-10-23 18:21 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-23 06:18 . 2009-10-23 18:21 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-23 05:33 . 2009-10-23 05:33 -------- d-----w- c:\documents and settings\Acer\Application Data\Malwarebytes
2009-10-22 20:36 . 2009-10-22 20:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-10-22 20:09 . 2009-10-22 20:09 -------- d-----w- c:\documents and settings\carl\Application Data\Malwarebytes
2009-10-22 20:09 . 2009-10-22 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 19:50 . 2008-04-14 21:00 42577 -c--a-w- c:\windows\system32\dllcache\bckgzm.exe
2009-10-22 19:34 . 2009-10-22 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-22 18:33 . 2009-11-10 11:29 -------- d-----w- c:\program files\Sophos
2009-10-21 22:38 . 2006-05-24 11:36 110592 ----a-w- c:\documents and settings\carl\Application Data\U3\temp\cleanup.exe
2009-10-21 21:59 . 2009-10-21 22:42 -------- d-----w- c:\documents and settings\carl\Application Data\U3
2009-10-21 21:26 . 2009-11-10 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 21:26 . 2009-11-04 22:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-20 19:03 . 2009-10-20 19:58 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\Tific
2009-10-20 19:03 . 2009-10-20 19:03 -------- d-----w- c:\documents and settings\Acer\Application Data\Tific
2009-10-20 19:03 . 2009-10-20 19:03 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\Symantec
2009-10-20 18:41 . 2009-10-21 17:59 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-10-20 18:41 . 2009-10-21 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-20 18:40 . 2009-10-20 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-20 18:26 . 2009-10-20 18:26 -------- d-----w- c:\documents and settings\carl\Application Data\TuneUp Software
2009-10-20 18:03 . 2009-10-20 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-15 22:11 . 2009-10-15 22:11 -------- d-----w- c:\documents and settings\Acer\Local Settings\Application Data\COMODO
2009-10-15 20:50 . 2008-04-14 21:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-15 18:26 . 2009-11-10 12:58 121856 ----a-w- c:\windows\system32\cmpbk323232.dll
2009-10-11 19:25 . 2009-10-11 19:25 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 13:36 . 2009-05-16 15:00 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-11-10 13:16 . 2009-04-11 15:31 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-31 18:38 . 2009-05-19 08:10 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-25 06:23 . 2008-09-19 02:29 585368 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-25 06:23 . 2008-09-19 02:29 112460 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-23 18:11 . 2009-08-12 14:25 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-23 06:19 . 2009-05-16 13:43 -------- d-----w- c:\program files\Comodo
2009-10-21 20:02 . 2009-05-16 15:43 -------- d-----w- c:\documents and settings\Acer\Application Data\LimeWire
2009-10-20 17:40 . 2009-05-19 07:06 -------- d-----w- c:\documents and settings\Acer\Application Data\U3
2009-10-20 06:33 . 2009-08-12 13:40 -------- d-----w- c:\documents and settings\Acer\Application Data\Comodo
2009-10-20 06:13 . 2008-09-19 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-12 15:36 . 2009-04-11 15:17 -------- d-----w- c:\program files\Launch Manager
2009-10-03 06:24 . 2009-10-03 06:24 -------- d-----w- c:\documents and settings\Acer\Application Data\Ethereal
2009-09-29 18:30 . 2009-05-18 12:54 -------- d-----w- c:\program files\Sony
2009-09-23 18:12 . 2009-09-23 18:12 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-13 08:29 . 2009-09-13 08:29 -------- d-----w- c:\program files\WinPcap
2009-09-11 14:18 . 2008-04-14 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-04-14 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2007-08-13 16:54 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2008-04-14 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2008-04-14 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:01 . 2008-04-14 21:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 21:02 . 2008-09-19 02:25 90360 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 14:55 . 2009-08-12 14:55 152576 ----a-w- c:\documents and settings\Acer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-09 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-09 1028096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-04-11 3686400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 141848]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-09 16862208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7431ee8b689]
2009-11-10 12:58 121856 ----a-w- c:\windows\system32\cmpbk323232.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-04-11 15:26 3077120 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [11/04/2009 16:26 43184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [23/10/2009 07:18 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [23/10/2009 07:18 25160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [08/11/2009 11:13 15424]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/11/2009 12:49 18816]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 19:09 11032]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/04/2009 01:02 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [09/07/2008 16:15 80784]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [11/04/2009 16:26 3481088]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4B.tmp --> c:\windows\system32\4B.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 22:10 32512]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenu du dossier 'Tâches planifiées'

2009-11-10 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 10:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\mv75lsxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{027092D7-DC10-4B68-836D-4BC6350D56A0} - (no file)
BHO-{04E125AF-DC10-4B68-836D-4BC6350D56A0} - (no file)
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
AddRemove-HijackThis - F:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 14:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4B.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\cmpbk323232.dll
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll
.
Heure de fin: 2009-11-10 14:59
ComboFix-quarantined-files.txt 2009-11-10 13:59

Avant-CF: 83 291 066 368 octets libres
Après-CF: 83 275 669 504 octets libres

- - End Of File - - 7C3E8F18F6BE3A2D16C95AC79F56FDB6



RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Acer at 2009-11-10 15:03:29
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 79 GB (70%) free of 114 GB
Total RAM: 3001 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:31, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
F:\RSIT.exe
C:\Documents and Settings\Acer\Bureau\Securite\Acer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: 7431ee8b689 - C:\WINDOWS\System32\cmpbk323232.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 8203 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-09 16862208]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2008-07-09 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-09 1028096]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-27 466944]
"Boot"=C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe [2007-12-25 579584]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-04-11 3686400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-10 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-10 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-10 141848]
"eRecoveryService"=C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-07-11 421888]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2009-10-23 1799952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-09-01 858632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe [2009-11-08 949376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
C:\WINDOWS\PLFSetI.exe [2007-10-23 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\7431ee8b689]
C:\WINDOWS\System32\cmpbk323232.dll [2009-11-10 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-04-11 3077120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-07-10 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"

======List of files/folders created in the last 1 months======

2009-11-10 14:59:25 ----A---- C:\ComboFix.txt
2009-11-10 14:49:22 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-10 14:49:22 ----A---- C:\WINDOWS\MBR.exe
2009-11-10 14:22:53 ----A---- C:\WINDOWS\zip.exe
2009-11-10 14:22:53 ----A---- C:\WINDOWS\SWREG.exe
2009-11-10 14:22:53 ----A---- C:\WINDOWS\sed.exe
2009-11-10 14:22:53 ----A---- C:\WINDOWS\PEV.exe
2009-11-10 14:22:53 ----A---- C:\WINDOWS\grep.exe
2009-11-10 14:22:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-10 14:22:52 ----A---- C:\WINDOWS\SWSC.exe
2009-11-10 14:22:38 ----D---- C:\WINDOWS\ERDNT
2009-11-10 14:21:50 ----AD---- C:\Qoobox
2009-11-10 12:24:33 ----D---- C:\rsit
2009-11-08 11:13:07 ----A---- C:\WINDOWS\system32\imon.dll
2009-11-08 11:12:00 ----D---- C:\Program Files\ESET
2009-11-07 16:56:21 ----HD---- C:\WINDOWS\PIF
2009-11-02 22:43:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-02 22:38:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-02 22:34:37 ----D---- C:\Program Files\CCleaner
2009-11-02 22:27:48 ----D---- C:\WINDOWS\pss
2009-11-01 15:02:52 ----D---- C:\Documents and Settings\Acer\Application Data\GetRightToGo
2009-11-01 14:50:11 ----D---- C:\Documents and Settings\Acer\Application Data\WinRAR
2009-11-01 14:49:30 ----D---- C:\Program Files\WinRAR
2009-10-31 19:24:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-31 18:30:01 ----A---- C:\WINDOWS\cfplogvw.INI
2009-10-23 21:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-10-23 21:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-10-23 07:18:12 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-23 07:18:10 ----A---- C:\WINDOWS\system32\guard32.dll
2009-10-23 06:33:12 ----D---- C:\Documents and Settings\Acer\Application Data\Malwarebytes
2009-10-22 21:09:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-22 20:51:35 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2009-10-22 20:51:10 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\snprfdll.dll
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\regtrace.exe
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\fcachdll.dll
2009-10-22 20:51:04 ----A---- C:\WINDOWS\system32\adsiisex.dll
2009-10-22 20:50:47 ----A---- C:\WINDOWS\system32\write.exe
2009-10-22 20:50:44 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-22 20:50:44 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-22 20:50:43 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-22 20:50:43 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-22 20:50:43 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-22 20:50:43 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\w3svapi.dll
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\axperf.ini
2009-10-22 20:50:42 ----A---- C:\WINDOWS\system32\aspperf.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\wamregps.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\infoctrs.ini
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\infoctrs.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\inetsloc.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\iisrstap.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\iisreset.exe
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\iismui.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\fxssend.exe
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\fxsroute.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\fxsperf.ini
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\convlog.exe
2009-10-22 20:50:41 ----A---- C:\WINDOWS\system32\admxprox.dll
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\staxmem.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\snmptrap.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\snmpmib.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\snmp.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\smtpapi.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\rwnh.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\lprmon.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\lpdsvc.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\lmmib2.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\infoadmn.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\iisRtl.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\iismap.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\iisext.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\hostmib.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\fxsui.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\fxstiff.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\fxst30.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\fxssvc.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\exstrace.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\evntwin.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\evntcmd.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\evntagnt.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\adsiis.dll
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\admwprox.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsst.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsres.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsperf.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsmon.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsext32.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsevent.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxscover.exe
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxscomex.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxscom.dll
2009-10-22 20:50:38 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2009-10-22 20:50:37 ----A---- C:\WINDOWS\system32\fxsapi.dll
2009-10-22 20:50:36 ----D---- C:\WINDOWS\system32\msmq
2009-10-22 20:50:36 ----D---- C:\Inetpub
2009-10-22 20:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-22 19:33:26 ----D---- C:\Program Files\Sophos
2009-10-22 00:10:07 ----A---- C:\WINDOWS\system32\tmp.txt
2009-10-22 00:09:13 ----A---- C:\rapport.txt
2009-10-21 22:26:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-21 22:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 18:56:23 ----D---- C:\WINDOWS\CSC
2009-10-20 20:03:50 ----D---- C:\Documents and Settings\Acer\Application Data\Tific
2009-10-20 19:41:24 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-10-20 19:41:04 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-10-20 19:40:51 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-10-20 19:03:26 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-15 23:15:47 ----A---- C:\WINDOWS\cavscan.INI
2009-10-15 19:26:03 ----A---- C:\WINDOWS\system32\cmpbk323232.dll
2009-10-11 20:25:51 ----D---- C:\Program Files\Microsoft

======List of files/folders modified in the last 1 months======

2009-11-10 15:03:30 ----D---- C:\WINDOWS\Temp
2009-11-10 14:59:28 ----D---- C:\WINDOWS\system32
2009-11-10 14:58:02 ----D---- C:\WINDOWS
2009-11-10 14:58:02 ----A---- C:\WINDOWS\system.ini
2009-11-10 14:57:32 ----RASH---- C:\boot.ini
2009-11-10 14:57:32 ----A---- C:\WINDOWS\win.ini
2009-11-10 14:56:11 ----D---- C:\WINDOWS\AppPatch
2009-11-10 14:56:11 ----AD---- C:\WINDOWS\system32\drivers
2009-11-10 14:56:09 ----D---- C:\Program Files\Fichiers communs
2009-11-10 14:53:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 14:42:08 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-10 14:38:16 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-11-10 14:37:43 ----RD---- C:\Program Files
2009-11-10 14:36:56 ----D---- C:\WINDOWS\system32\config
2009-11-10 14:21:50 ----D---- C:\WINDOWS\Prefetch
2009-11-10 13:22:05 ----HD---- C:\WINDOWS\inf
2009-11-10 13:15:54 ----D---- C:\Program Files\Mozilla Firefox
2009-11-04 21:25:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 21:25:50 ----D---- C:\WINDOWS\ie7updates
2009-11-04 21:22:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-02 22:13:06 ----D---- C:\RECYCLER
2009-10-31 19:38:31 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-25 07:23:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-23 21:40:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-23 19:11:09 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-10-23 07:19:52 ----D---- C:\Program Files\Comodo
2009-10-22 20:57:14 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-22 20:52:08 ----SHD---- C:\System Volume Information
2009-10-22 20:51:50 ----D---- C:\WINDOWS\Registration
2009-10-22 20:50:50 ----D---- C:\WINDOWS\Help
2009-10-22 20:50:45 ----D---- C:\WINDOWS\Cursors
2009-10-22 20:50:44 ----D---- C:\Program Files\Windows NT
2009-10-22 20:50:41 ----D---- C:\WINDOWS\system32\wbem
2009-10-22 20:50:41 ----D---- C:\WINDOWS\addins
2009-10-22 20:50:38 ----D---- C:\WINDOWS\security
2009-10-22 19:32:01 ----D---- C:\Config.Msi
2009-10-22 19:29:51 ----SHD---- C:\WINDOWS\Installer
2009-10-21 23:50:17 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-21 23:48:38 ----D---- C:\WINDOWS\Debug
2009-10-21 21:02:59 ----D---- C:\Documents and Settings\Acer\Application Data\LimeWire
2009-10-21 20:39:44 ----AD---- C:\VALUEADD
2009-10-21 19:49:39 ----D---- C:\WINDOWS\system32\Restore
2009-10-21 19:32:34 ----SD---- C:\WINDOWS\Tasks
2009-10-21 05:07:57 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-20 19:10:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-20 18:40:11 ----D---- C:\Documents and Settings\Acer\Application Data\U3
2009-10-20 17:08:27 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-20 17:07:32 ----RSD---- C:\WINDOWS\assembly
2009-10-20 07:33:18 ----D---- C:\Documents and Settings\Acer\Application Data\Comodo
2009-10-20 07:16:32 ----D---- C:\WINDOWS\WinSxS
2009-10-20 07:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-20 07:12:10 ----D---- C:\WINDOWS\system32\fr-fr
2009-10-20 07:12:10 ----D---- C:\Program Files\Internet Explorer
2009-10-20 07:10:14 ----AD---- C:\I386
2009-10-12 16:38:24 ----SD---- C:\Documents and Settings\Acer\Application Data\Microsoft
2009-10-12 16:36:03 ----D---- C:\Program Files\Launch Manager
2009-10-11 20:25:41 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-23 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-10-23 25160]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-11-08 15424]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-11-08 512096]
R2 Int15;Int 15; \??\C:\WINDOWS\System32\drivers\int15.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-07-09 12672]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2008-05-30 146944]
R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-07-09 539072]
R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-07-09 37424]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-07-09 876384]
R3 catchme;catchme; \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2008-09-01 16896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-07-09 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-07-09 210560]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-07-10 6023072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-09 4739072]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-07-10 110080]
R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-09 80784]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NETw5x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-07-10 3626112]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-30 13952]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-09 220640]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-07-09 731264]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-06-05 175104]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-09 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-07-09 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-07-09 67960]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-05-22 61067]
S3 mbr;mbr; \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\4B.tmp []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2009-10-23 723632]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-11-08 552064]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-04-11 3481088]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-09-23 362240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by Acer at 2009-11-10 15:03:55
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 79 GB (70%) free of 114 GB
Total RAM: 3001 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:57, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Acer\Bureau\RSIT.exe
C:\Documents and Settings\Acer\Bureau\Securite\Acer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4F

5

caro384, 10 Nov 2009 at 15:12:11

And the VirusTotal scan is impossible because the infected computer is no longer connected to the internet. And I can't copy the file to my USB key, it crashes every time.

6

caro384, 10 Nov 2009 at 15:33:46

Sorry, does anyone have an idea?

Thanks in advance

Caro384

7

caro384, 10 Nov 2009 at 17:43:54

I feel a bit alone here, is there anyone who can help me?

Thanks

8

jlpjlp, 10 Nov 2009 at 22:37:44

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:




Collect::
C:\WINDOWS\system32\cmpbk323232.dll
File::
C:\WINDOWS\system32\cmpbk323232.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\7431ee8b689]



Save this file under the name CFscript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click the CFScript file, hold the button down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

______________________

Then post a new RSIT report and describe your problems.

Did the PC have internet access before?
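The RSIT sections posted above (the dated file/folder entries and the driver list) are what a helper reads first when triaging a log like this one. The script below is an added example for this thread, not code from the post, from RSIT or from ComboFix: it parses a few lines copied from that log and flags what a responder would check first. The two heuristics, the sample lines and all function names are assumptions made for the example.

```python
"""Triage helper for RSIT-style log excerpts (added example; not part of the
forum post, of RSIT or of ComboFix).  Two heuristics, both assumptions made
for this example rather than rules RSIT applies:

  * a file under system32 that was created on its own, i.e. nothing else was
    created in the same minute.  Component installs (IIS, Fax, SNMP at
    2009-10-22 20:50 in the log) drop dozens of files in one burst, so a
    lone newcomer such as cmpbk323232.dll stands out;
  * a driver loaded from a user Temp directory, from a .tmp file, or with no
    date/size recorded ([]) in the log.  Scanning tools leave such drivers
    behind as well, which is exactly why each one should be accounted for.
"""
import re
from collections import defaultdict

# One dated entry per line: "YYYY-MM-DD HH:MM:SS ----A---- path".
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
# One driver per line: "R3 name;description; path [date size]".
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);(.*?); (.+?) \[(.*)\]$")

SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: lines copied verbatim from the RSIT log in the thread.
SAMPLE_FILES = r"""
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-22 20:50:40 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-22 20:50:39 ----A---- C:\WINDOWS\system32\snmp.exe
2009-10-22 20:50:36 ----D---- C:\WINDOWS\system32\msmq
2009-10-22 00:10:07 ----A---- C:\WINDOWS\system32\tmp.txt
2009-10-22 00:09:13 ----A---- C:\rapport.txt
2009-10-15 19:26:03 ----A---- C:\WINDOWS\system32\cmpbk323232.dll
2009-10-11 20:25:51 ----D---- C:\Program Files\Microsoft
"""

SAMPLE_DRIVERS = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-23 132296]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R3 catchme;catchme; \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\catchme.sys []
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\4B.tmp []
"""


def parse_file_entries(text):
    """Return [(timestamp, attrs, path)] for every dated line in the section."""
    entries = []
    for line in text.strip().splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def isolated_system32_files(entries):
    """Paths under system32 whose creation minute contains no other file.

    Directories (attribute D) are ignored; the result is ordered by time."""
    by_minute = defaultdict(list)
    for ts, attrs, path in entries:
        if "D" in attrs:
            continue
        by_minute[ts[:16]].append((ts, path))   # key = "YYYY-MM-DD HH:MM"
    flagged = []
    for group in by_minute.values():
        if len(group) == 1 and group[0][1].lower().startswith(SYSTEM32):
            flagged.append(group[0])
    return [path for _, path in sorted(flagged)]


def suspicious_drivers(text):
    """Return [(name, path, reasons)] for drivers matching the heuristics above."""
    flagged = []
    for line in text.strip().splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        _state, _start, name, _desc, path, info = m.groups()
        low = path.lower()
        reasons = []
        if "\\temp\\" in low or low.endswith(".tmp"):
            reasons.append("loaded from a temporary location")
        if info.strip() == "":
            reasons.append("no file date/size recorded in the log")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for path in isolated_system32_files(parse_file_entries(SAMPLE_FILES)):
        print("isolated system32 file:", path)
    for name, path, reasons in suspicious_drivers(SAMPLE_DRIVERS):
        print("driver %-12s %s  (%s)" % (name, path, "; ".join(reasons)))
```

Run against the sample, the "isolated file" rule singles out cmpbk323232.dll and tmp.txt while leaving the burst of IIS/SNMP files alone, and the driver rule lists catchme, mbr, MEMSWEEP2 and MQAC. Flagged does not mean malicious: a driver in Temp is typically a scanning tool's leftover and MQAC is a Windows component, but each is something to verify rather than skip over.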