
anti-spyware 2009 major infection [solved]

29 October 2008 20:04:16

I know nothing about computers, or very little, but I have been infected by this damned 2009 virus, which is blocking everything, and only since yesterday. E-mails, the internet whenever the word virus or spyware appears, anti-virus sites; even my anti-virus was attacked and I no longer know how to reinstall it. The forum is blocked a lot. I tried safe mode, but with no result. Thank you for replying; I don't know who to turn to.


29 October 2008 20:58:10

Good evening,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Run a full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" and then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    30 October 2008 09:23:48

    Thanks, but I'll tell you whether it worked around 5-6 pm, because I'm waiting for my parents so I don't make a mistake.
    30 October 2008 09:59:42

    No problem.
    Ask your parents to do the steps for you if you like.
    (that will be safer)
    30 October 2008 19:18:20

    We did what you told us; here is the report:

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1340
    Windows 5.1.2600 Service Pack 2

    31/10/2008 19:04:06
    mbam-log-2008-10-31 (19-04-06).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 114018
    Temps écoulé: 38 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 47

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nlsf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\wfoefoxg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\wfoefoxg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\wfoefoxg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\wfoefoxg.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSlriy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10806.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\mulupabiw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS6f4e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\TDSS6319.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\TDSS6339.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\TDSS657b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS70a6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSghha.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSrror.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSvubs.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSxlwh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSyict.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSvqko.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    31 October 2008 18:35:32

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:33:44, on 01/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Belgacom\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Belgacom\bin\sprtcmd.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S39.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe

    --
    End of file - 5701 bytes
    31 October 2008 19:02:19

    So what is the diagnosis?
    31 October 2008 20:49:41

    Hi again

    Quote:
    So what is the diagnosis?

    There is still some left...
    You will also need to look into installing an antivirus... (once disinfection is finished)
    Disable your firewall.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
    Click it to open it, then Edit > "Select all", Edit > "Copy".

    Come to the forum and Edit > "Paste".

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ


    Add a new HijackThis report.
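
Added example (not part of the thread, and not the helper's own procedure): a small Python cross-check of the HijackThis log against what Malwarebytes reported removing, flagging autostart entries that still name a removed item. The sample lines are excerpts of the two logs above; the function names are hypothetical, and matching on a bare file or value name is a heuristic whose hits need reviewing by hand.

```python
import re

# Excerpts copied from the two logs posted in this thread (not the full logs).
MBAM_EXCERPT = r"""
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nlsf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

HIJACKTHIS_EXCERPT = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: karna.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<path or registry item> (<detection name>) -> <action taken>"
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# "<section code> - <entry>", e.g. O4 (Run/RunOnce autostarts), O20 (AppInit_DLLs)
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Break an entry into name-sized tokens: path separators, quotes, brackets, spaces.
TOKEN_SPLIT = re.compile(r'[\\/\s"\[\]:,]+')


def removed_names(mbam_text):
    """Map the last path component of each item MBAM acted on to its detection name."""
    names = {}
    for line in mbam_text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            name = m.group("item").rsplit("\\", 1)[-1].lower()
            names.setdefault(name, m.group("detection"))
    return names


def leftover_references(mbam_text, hjt_text):
    """Return HijackThis entries that still mention a name MBAM reported removing."""
    names = removed_names(mbam_text)
    hits = []
    for line in hjt_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        tokens = set(TOKEN_SPLIT.split(m.group("body").lower()))
        matched = {t: names[t] for t in sorted(tokens & names.keys())}
        if matched:
            hits.append((m.group("section"), matched, line.strip()))
    return hits


if __name__ == "__main__":
    for section, matched, line in leftover_references(MBAM_EXCERPT, HIJACKTHIS_EXCERPT):
        print(section, matched)
        print("   ", line)
```
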


    1 November 2008 11:59:27

    ComboFix 08-10-31.02 - Administrateur 2008-11-02 11:29:35.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1360 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Cookies\ifykowykid.ban
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Cookies\kilit.scr
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Cookies\ujobegexin.dll
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\bamabemen.vbs
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\doga.bin
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\idote._sy
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\igywe.scr
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\koseza.lib
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\mudetyz.ban
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\nosegy.scr
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\ogezoqitar.ban
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\onoma.dat
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\qawozet.bat
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Local Settings\Temporary Internet Files\yzag.dat
    C:\WINDOWS\IE4 Error Log.txt
    C:\WINDOWS\system32\dllcache\figaro.sys
    C:\WINDOWS\system32\TDSSxyyi.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-02 au 2008-11-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-01 18:33 . 2008-11-01 18:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-31 17:25 . 2008-10-31 17:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-31 17:25 . 2008-10-31 17:25 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-10-31 17:25 . 2008-10-31 17:25 <REP> d-------- C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\Malwarebytes
    2008-10-31 17:25 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-31 17:25 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-30 16:21 . 2008-10-30 16:50 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-30 16:20 . 2008-08-14 14:44 2,182,400 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-30 16:20 . 2008-08-14 14:44 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-30 16:20 . 2008-08-14 14:44 2,059,776 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-30 16:20 . 2008-08-14 14:44 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-30 16:20 . 2008-09-15 16:39 1,846,144 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-30 16:20 . 2007-04-02 06:59 546,304 -----c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
    2008-10-30 16:20 . 2008-08-28 11:04 333,056 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-30 16:20 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-30 16:20 . 2008-06-14 18:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-30 16:19 . 2008-04-11 19:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-10-30 16:18 . 2008-10-15 17:55 339,456 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-30 16:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-10-30 16:16 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-10-30 16:16 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-30 15:51 . 2008-10-30 15:51 268 --ah----- C:\sqmdata06.sqm
    2008-10-30 15:51 . 2008-10-30 15:51 244 --ah----- C:\sqmnoopt06.sqm
    2008-10-30 11:25 . 2008-10-30 11:25 18,448 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\idopamelup.dll
    2008-10-30 11:25 . 2008-10-30 11:25 16,088 --a------ C:\WINDOWS\zazojozaxy.vbs
    2008-10-30 11:25 . 2008-10-30 11:25 16,066 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\alenysaru.scr
    2008-10-30 11:25 . 2008-10-30 11:25 16,060 --a------ C:\WINDOWS\ewov.reg
    2008-10-30 11:25 . 2008-10-30 11:25 15,844 --a------ C:\WINDOWS\qanihuse.reg
    2008-10-30 11:25 . 2008-10-30 11:25 15,222 --a------ C:\Program Files\Fichiers communs\xosovycob.scr
    2008-10-30 11:25 . 2008-10-30 11:25 14,777 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\eheq.dat
    2008-10-30 11:25 . 2008-10-30 11:25 14,662 --a------ C:\WINDOWS\ykekaniryk.inf
    2008-10-30 11:25 . 2008-10-30 11:25 11,143 --a------ C:\WINDOWS\ufic.bat
    2008-10-30 11:25 . 2008-10-30 11:25 10,907 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\dyloceto.vbs
    2008-10-30 11:25 . 2008-10-30 11:25 10,635 --a------ C:\WINDOWS\olese.ban
    2008-10-30 11:03 . 2008-10-30 11:03 19,632 --a------ C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\yhytaq.scr
    2008-10-30 11:03 . 2008-10-30 11:03 19,559 --a------ C:\WINDOWS\viho.dat
    2008-10-30 11:03 . 2008-10-30 11:03 19,102 --a------ C:\Program Files\Fichiers communs\metufofupu.bat
    2008-10-30 11:03 . 2008-10-30 11:03 18,790 --a------ C:\WINDOWS\system32\ziso._sy
    2008-10-30 11:03 . 2008-10-30 11:03 18,526 --a------ C:\WINDOWS\system32\ubagywa.inf
    2008-10-30 11:03 . 2008-10-30 11:03 15,535 --a------ C:\WINDOWS\ysidyf.dl
    2008-10-30 11:03 . 2008-10-30 11:03 15,063 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\utyfypo.vbs
    2008-10-30 11:03 . 2008-10-30 11:03 15,058 --a------ C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\oqeqawema.scr
    2008-10-30 11:03 . 2008-10-30 11:03 13,711 --a------ C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\robyceliki.dll
    2008-10-30 11:03 . 2008-10-30 11:03 13,709 --a------ C:\WINDOWS\zebeziveb.vbs
    2008-10-30 11:03 . 2008-10-30 11:03 13,660 --a------ C:\WINDOWS\system32\exivi.dl
    2008-10-30 11:03 . 2008-10-30 11:03 12,295 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\moceq.vbs
    2008-10-30 09:48 . 2008-10-30 09:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-10-30 09:16 . 2008-10-30 09:16 268 --ah----- C:\sqmdata05.sqm
    2008-10-30 09:16 . 2008-10-30 09:16 244 --ah----- C:\sqmnoopt05.sqm
    2008-10-30 09:08 . 2008-10-30 09:08 268 --ah----- C:\sqmdata04.sqm
    2008-10-30 09:08 . 2008-10-30 09:08 244 --ah----- C:\sqmnoopt04.sqm
    2008-10-30 09:05 . 2008-10-30 09:05 <REP> d-------- C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\AVGTOOLBAR
    2008-10-29 16:03 . 2005-07-26 13:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2008-10-29 16:03 . 2005-07-26 13:43 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-10-29 16:03 . 2005-07-26 13:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2008-10-29 16:03 . 2005-07-26 13:43 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
    2008-10-29 16:03 . 2005-07-26 13:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2008-10-29 16:03 . 2005-07-26 13:43 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
    2008-10-12 09:58 . 2004-08-19 15:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-10-02 12:35 . 2008-10-02 12:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft
    2008-10-02 12:23 . 2008-10-02 12:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Support.com

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-30 16:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-10-30 15:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
    2008-10-30 10:25 16,661 ----a-w C:\Program Files\Fichiers communs\vajuluj.ban
    2008-10-30 10:03 13,927 ----a-w C:\Program Files\Fichiers communs\enem.db
    2008-10-30 10:03 12,395 ----a-w C:\Program Files\Fichiers communs\ager.ban
    2008-10-02 11:35 --------- d-----w C:\Program Files\Belgacom
    2008-10-01 17:56 --------- d-----w C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\LimeWire
    2008-09-27 16:37 --------- d-----w C:\Program Files\MP3 Player Utilities 4.19
    2008-09-27 16:07 --------- d-----w C:\Program Files\Free Video Converter
    2008-09-27 15:54 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-09-27 15:54 --------- d-----w C:\Program Files\AVS4YOU
    2008-09-27 15:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
    2008-09-27 15:54 --------- d-----w C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\AVS4YOU
    2008-09-27 11:53 --------- d-----w C:\Program Files\Sun
    2008-09-27 11:53 --------- d-----w C:\Program Files\Java
    2008-09-27 11:49 --------- d-----w C:\Program Files\LimeWire
    2008-09-25 18:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
    2008-09-25 18:21 --------- d-----w C:\Program Files\epson
    2008-09-21 13:48 --------- d-----w C:\Program Files\Tomb Raider - Legend
    2008-09-19 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
    2008-09-18 10:13 --------- d-----w C:\Program Files\NOS
    2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-14 12:38 --------- d-----w C:\Program Files\Core Design
    2008-09-14 12:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe AIR
    2008-09-14 12:16 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
    2008-09-14 12:16 33,533 ----a-w C:\WINDOWS\system32\CoreVorbis-uninstall.exe
    2008-09-14 12:16 --------- d-----w C:\Program Files\XviD
    2008-09-14 12:15 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-09-14 12:15 --------- d-----w C:\Program Files\Google
    2008-09-09 19:36 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-09 19:36 --------- d-----w C:\Program Files\Windows Live
    2008-09-09 01:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-09-09 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-09 01:11 --------- d-----w C:\Program Files\AMD
    2008-09-09 01:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-09-09 01:06 --------- d-----w C:\Program Files\Realtek
    2008-09-09 00:55 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-09-09 00:54 --------- d-----w C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\InstallShield
    2008-09-02 11:06 --------- d-----w C:\Program Files\IncrediMail
    2008-08-20 05:37 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    .

    ------- Sigcheck -------

    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\7a1946fba2b8886ae6be37be6d51ae57\tcpip.sys
    2006-02-14 20:56 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
    "nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 248]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.HFYU"= huffyuv.dll
    "vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 102400]
    R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);C:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\tr1setup.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
    O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 -: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
    O8 -: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 -: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 -: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-02 11:32:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-02 11:36:30 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-02 10:36:27

    Avant-CF: 34 894 745 600 octets libres
    Après-CF: 37,545,459,712 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

    248 --- E O F --- 2008-10-31 02:03:26
    1 November 2008 12:00:44

    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:59:19, on 02/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Belgacom\bin\sprtcmd.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Belgacom\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S39.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe

    --
    End of file - 5881 bytes
    1 November 2008 21:12:44

    Good evening

    Step 1

    Copy (Ctrl+C) the text below:
    File::
    C:\Documents and Settings\All Users.WINDOWS\Application Data\idopamelup.dll
    C:\WINDOWS\zazojozaxy.vbs
    C:\Documents and Settings\All Users.WINDOWS\Application Data\alenysaru.scr
    C:\WINDOWS\ewov.reg
    C:\WINDOWS\qanihuse.reg
    C:\Program Files\Fichiers communs\xosovycob.scr
    C:\Documents and Settings\All Users.WINDOWS\Application Data\eheq.dat
    C:\WINDOWS\ykekaniryk.inf
    C:\WINDOWS\ufic.bat
    C:\Documents and Settings\All Users.WINDOWS\Application Data\dyloceto.vbs
    C:\WINDOWS\olese.ban
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\yhytaq.scr
    C:\WINDOWS\viho.dat
    C:\Program Files\Fichiers communs\metufofupu.bat
    C:\WINDOWS\system32\ziso._sy
    C:\WINDOWS\system32\ubagywa.inf
    C:\WINDOWS\ysidyf.dl
    C:\Documents and Settings\All Users.WINDOWS\Application Data\utyfypo.vbs
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\oqeqawema.scr
    C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\robyceliki.dll
    C:\WINDOWS\zebeziveb.vbs
    C:\WINDOWS\system32\exivi.dl
    C:\Documents and Settings\All Users.WINDOWS\Application Data\moceq.vbs
    C:\Program Files\Fichiers communs\vajuluj.ban
    C:\Program Files\Fichiers communs\enem.db
    C:\Program Files\Fichiers communs\ager.ban



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt


    Step 2



    Go to this link: Virus Total
  • Click "Parcourir" (Browse)
  • Navigate to this file, if you can find it:

    C:\WINDOWS\system32\drivers\tcpip.sys

  • Click "Envoyer le fichier" (Send file) and let it work for as long as "Situation actuelle : en cours d'analyse" (Current status: scanning) is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
  • When the scan is finished ("Situation actuelle: terminé", Current status: finished), click "Formaté" (Formatted)
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose "Sélectionner tout" (Select all), then "copier" (copy)
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    Step 3

    Download and install Antivir.

    Do not run a scan with it until I ask you to (not for now).

    -->Tutorial<--
    2 November 2008 15:10:32

    Hello, glad to still hear from you, here is what you asked me for:

    Fichier tcpip.sys reçu le 2008.11.02 14:47:50 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.1.0 2008.11.01 -
    AntiVir 7.9.0.10 2008.10.31 -
    Authentium 5.1.0.4 2008.11.01 -
    Avast 4.8.1248.0 2008.11.01 -
    AVG 8.0.0.161 2008.11.02 -
    BitDefender 7.2 2008.11.02 -
    CAT-QuickHeal 9.50 2008.11.01 -
    ClamAV 0.94.1 2008.11.02 -
    DrWeb 4.44.0.09170 2008.11.02 -
    eSafe 7.0.17.0 2008.11.02 -
    eTrust-Vet 31.6.6185 2008.11.01 -
    Ewido 4.0 2008.11.02 -
    F-Prot 4.4.4.56 2008.11.01 -
    F-Secure 8.0.14332.0 2008.11.02 -
    Fortinet 3.117.0.0 2008.10.31 -
    GData 19 2008.11.02 -
    Ikarus T3.1.1.44.0 2008.11.02 -
    K7AntiVirus 7.10.514 2008.11.01 -
    Kaspersky 7.0.0.125 2008.11.02 -
    McAfee 5421 2008.11.02 -
    Microsoft 1.4005 2008.11.02 -
    NOD32 3575 2008.10.31 -
    Norman 5.80.02 2008.10.31 -
    Panda 9.0.0.4 2008.11.02 -
    PCTools 4.4.2.0 2008.11.02 -
    Prevx1 V2 2008.11.02 -
    Rising 21.01.62.00 2008.11.02 -
    SecureWeb-Gateway 6.7.6 2008.11.02 -
    Sophos 4.35.0 2008.11.02 -
    Sunbelt 3.1.1767.2 2008.10.31 -
    Symantec 10 2008.11.02 -
    TheHacker 6.3.1.1.135 2008.10.31 -
    TrendMicro 8.700.0.1004 2008.10.31 -
    VBA32 3.12.8.9 2008.11.02 -
    ViRobot 2008.10.31.1446 2008.10.31 -
    VirusBuster 4.5.11.0 2008.11.01 -

    Information additionnelle
    File size: 359808 bytes
    MD5...: 667192a11db19f36624119c0dd4de4f2
    SHA1..: 7c065584153da79b143b4af774ab6e80b45c7aa5
    SHA256: 9c030cd554d106c5cd352e73152d524ac5dd24cc08ac60740538a2e3278903e7
    SHA512: ea984c0d1cf61c0608a8b95e66be62d4e894d1f1b5f44d698f3e67eb83747dd748fb23ade5e2812d2b990e2ef57a2da08e598187e89ffe63438c616158692bf7
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)


    5 November 2008 21:00:37

    Hi
    sorry for the delay, I broke my PC while installing mandriv

    can you post the ComboFix report :wahoo:
    7 November 2008 17:39:07

    Hello, here is the ComboFix report
    ComboFix 08-10-31.02 - Administrateur 2008-11-08 7:41:19.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1430 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-08 au 2008-11-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-04 20:27 . 2008-11-04 20:27 <REP> d-------- C:\Documents and Settings\ashley
    2008-11-01 18:33 . 2008-11-01 18:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-31 17:25 . 2008-10-31 17:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-31 17:25 . 2008-10-31 17:25 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-10-31 17:25 . 2008-10-31 17:25 <REP> d-------- C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\Malwarebytes
    2008-10-31 17:25 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-31 17:25 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-30 16:21 . 2008-10-30 16:50 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-10-30 16:20 . 2008-08-14 14:44 2,182,400 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-30 16:20 . 2008-08-14 14:44 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-30 16:20 . 2008-08-14 14:44 2,059,776 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-30 16:20 . 2008-08-14 14:44 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-30 16:20 . 2008-09-15 16:39 1,846,144 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-30 16:20 . 2007-04-02 06:59 546,304 -----c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
    2008-10-30 16:20 . 2008-08-28 11:04 333,056 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-30 16:20 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-30 16:20 . 2008-06-14 18:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-30 16:19 . 2008-04-11 19:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-10-30 16:18 . 2008-10-15 17:55 339,456 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-30 16:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-10-30 16:16 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-10-30 16:16 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-30 15:51 . 2008-10-30 15:51 268 --ah----- C:\sqmdata06.sqm
    2008-10-30 15:51 . 2008-10-30 15:51 244 --ah----- C:\sqmnoopt06.sqm
    2008-10-30 09:48 . 2008-10-30 09:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-10-30 09:16 . 2008-10-30 09:16 268 --ah----- C:\sqmdata05.sqm
    2008-10-30 09:16 . 2008-10-30 09:16 244 --ah----- C:\sqmnoopt05.sqm
    2008-10-30 09:08 . 2008-10-30 09:08 268 --ah----- C:\sqmdata04.sqm
    2008-10-30 09:08 . 2008-10-30 09:08 244 --ah----- C:\sqmnoopt04.sqm
    2008-10-30 09:05 . 2008-10-30 09:05 <REP> d-------- C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\AVGTOOLBAR
    2008-10-29 16:03 . 2005-07-26 13:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2008-10-29 16:03 . 2005-07-26 13:43 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-10-29 16:03 . 2005-07-26 13:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2008-10-29 16:03 . 2005-07-26 13:43 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
    2008-10-29 16:03 . 2005-07-26 13:43 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
    2008-10-29 16:03 . 2005-07-26 13:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2008-10-29 16:03 . 2005-07-26 13:43 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
    2008-10-12 09:58 . 2004-08-19 15:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-30 16:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-10-30 15:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
    2008-10-02 11:35 --------- d-----w C:\Program Files\Belgacom
    2008-10-02 11:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft
    2008-10-02 11:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Support.com
    2008-10-01 17:56 --------- d-----w C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\LimeWire
    2008-09-27 16:37 --------- d-----w C:\Program Files\MP3 Player Utilities 4.19
    2008-09-27 16:07 --------- d-----w C:\Program Files\Free Video Converter
    2008-09-27 15:54 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-09-27 15:54 --------- d-----w C:\Program Files\AVS4YOU
    2008-09-27 15:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
    2008-09-27 15:54 --------- d-----w C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\AVS4YOU
    2008-09-27 11:53 --------- d-----w C:\Program Files\Sun
    2008-09-27 11:53 --------- d-----w C:\Program Files\Java
    2008-09-27 11:49 --------- d-----w C:\Program Files\LimeWire
    2008-09-25 18:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
    2008-09-25 18:21 --------- d-----w C:\Program Files\epson
    2008-09-21 13:48 --------- d-----w C:\Program Files\Tomb Raider - Legend
    2008-09-19 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
    2008-09-18 10:13 --------- d-----w C:\Program Files\NOS
    2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-14 12:38 --------- d-----w C:\Program Files\Core Design
    2008-09-14 12:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe AIR
    2008-09-14 12:16 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
    2008-09-14 12:16 33,533 ----a-w C:\WINDOWS\system32\CoreVorbis-uninstall.exe
    2008-09-14 12:16 --------- d-----w C:\Program Files\XviD
    2008-09-14 12:15 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-09-14 12:15 --------- d-----w C:\Program Files\Google
    2008-09-09 19:36 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-09 19:36 --------- d-----w C:\Program Files\Windows Live
    2008-09-09 01:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-09-09 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-09 01:11 --------- d-----w C:\Program Files\AMD
    2008-09-09 01:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-09-09 01:06 --------- d-----w C:\Program Files\Realtek
    2008-09-09 00:55 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-09-09 00:54 --------- d-----w C:\Documents and Settings\Administrateur.XPSP2-639E6C874\Application Data\InstallShield
    2008-08-20 05:37 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    .

    ------- Sigcheck -------

    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\7a1946fba2b8886ae6be37be6d51ae57\tcpip.sys
    2006-02-14 20:56 359808 667192a11db19f36624119c0dd4de4f2 C:\WINDOWS\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
    "nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 248]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.HFYU"= huffyuv.dll
    "vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 102400]
    R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);C:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\tr1setup.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
    O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 -: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.19\AMVConverter\grab.html
    O8 -: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 -: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 -: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-08 07:42:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-08 7:44:02
    ComboFix-quarantined-files.txt 2008-11-08 06:43:51
    ComboFix2.txt 2008-11-03 13:40:00
    ComboFix3.txt 2008-11-02 10:36:31

    Avant-CF: 37 143 703 552 octets libres
    Après-CF: 37,152,083,968 octets libres

    185 --- E O F --- 2008-10-31 02:03:26
    7 November 2008 18:16:52

    Good evening, I'm the mother. Tomorrow and Sunday we can be online all day if that suits you. I'm not very comfortable using the computer with a virus lodged in it. Also, you advised me to get an antivirus; I bought G Data Internet Security 2008, but I saw later that many people were having problems with it. What do you think?
    8 November 2008 01:21:59

    Good evening
    You ran the tool several times, so I can't see all the deletions.
    How is your PC behaving?
    Quote:
    I bought G Data Internet Security 2008, but I saw later that many people were having problems with it. What do you think?

    Nothing, I don't know that antivirus :)
    8 November 2008 14:47:25

    My computer is no longer slow, and the Anti-Spyware 2009 icon has disappeared.
    8 November 2008 16:51:17

    Hello
    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.



    ++++++++++++++++++

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
    9 November 2008 09:59:38

    Hello, I don't know if this is what you asked me for, but anyway:

    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, November 10, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, November 08, 2008 15:35:47
    Records in database: 1374536


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\

    Scan statistics
    Files scanned 45398
    Threat name 0
    Infected objects 0
    Suspicious objects 0
    Duration of the scan 00:24:03

    No malware has been detected. The scan area is clean.
    The selected area was scanned.
    9 November 2008 20:37:00

    Good evening
    Perfect

    Remove all the programs installed for the disinfection.

    Please read this document (PDF) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and mark [resolved] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: