Se connecter / S'enregistrer
Votre question

Salut, demande analyse hijack [Résolu]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Août 2008 10:30:28

salut,
j'ai attrapé un cutwail (qlq chose comme ca), et j'ai essayé de faire du ménage ( Mac Afee et windows defender). j'ai aussi supprim" des dll mais la je crois que j'ai du faire deux trois erreurs...
sinon j'ai remarqué dans le gestionnaire de taches (processus) que j'avais un iexplorer (System) qui tourne tous seul ?

Merci de me filer un peu d'aide, j'ai lancé Hijack, ci joint le log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:13, on 24/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\ORDINA~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: XBTP05973 Class - {16ACFF91-DE7B-4463-83EE-327DBD01391D} - C:\PROGRA~1\CHERCH~1\CHERCH~1.DLL
O2 - BHO: (no name) - {267212FE-B77A-4C83-BB75-3F84B52A3BEE} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {48192418-7669-4C45-BE54-9679858B45DD} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {84F3CA6A-C0E6-4141-8DAA-9678B1089F51} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Chercher Outils - {CF04C67F-221F-4266-BC0A-38E6AF7F4D10} - C:\Program Files\Chercher Outils\chercher2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [eCarteBleue-SG-P3] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe" /dontopenmycards
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [342d9b06] rundll32.exe "C:\WINDOWS\system32\qxxwtdsi.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ca30be878b640589ae170c4ff53ce35
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ca30be878b640589ae170c4ff53ce35
O8 - Extra context menu item: Tout Télécharger avec Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Télécharger avec Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O20 - Winlogon Notify: tuvTkjih - tuvTkjih.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 12660 bytes

Autres pages sur : salut demande analyse hijack resolu

24 Août 2008 14:07:44

bonjour

Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
  • Redémarre ton ordinateur
  • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !


    25 Août 2008 09:57:39

    Salut,
    apparement cela a été efficace
    Merci

    le log SDFix :


    SDFix: Version 1.219
    Run by Ordinateur on 25/08/2008 at 09:16

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFIX\SDFix

    Checking Services :

    Name :
    WINDF66

    Path :
    System32\Drivers\Windf66.sys

    WINDF66 - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    Service WINDF66 - Deleted

    Checking Files :

    Trojan Files Found:

    C:\Documents and Settings\Ordinateur\Application Data\ultra\uninstall.bat - Deleted
    C:\Documents and Settings\Ordinateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
    C:\WINDOWS\inf\ultra.inf - Deleted
    C:\WINDOWS\system32\WinCtrl32.dll - Deleted
    C:\WINDOWS\system32\drivers\WINDF66.sys - Deleted



    Folder C:\Documents and Settings\Ordinateur\Application Data\ultra - Removed


    Removing Temp Files

    ADS Check :

    :) 

    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 09:27:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff0c8d2]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0013eff0c8d2]

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:000000db
    "TracesSuccessful"=dword:0000000a

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:D isabled:LEXPPS.EXE"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:p artage de l'application RTC"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Fritivi\\fritivi.exe"="C:\\Program Files\\Fritivi\\fritivi.exe:*:Enabled:Fritivi"
    "C:\\Program Files\\Fritivi\\Fritivi_Pip.exe"="C:\\Program Files\\Fritivi\\Fritivi_Pip.exe:*:Enabled:Fritivi_Pip"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:D isabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:D isabled:Microsoft DirectPlay Voice Test"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:D isabled:VLC media player"
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:D isabled:VLC media player"
    "C:\\Program Files\\FreePCvcR\\vlc\\vlc.exe"="C:\\Program Files\\FreePCvcR\\vlc\\vlc.exe:*:D isabled:VLC media player"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
    "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:D isabled:RealPlayer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :


    File Backups: - C:\SDFIX\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 21 Sep 2004 199 A.SHR --- "C:\Disque local (G)\BOOT.BAK"
    Mon 14 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Sat 10 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 31 May 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
    Sat 31 May 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
    Sun 17 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 8 Jun 2008 888 ...HR --- "C:\Documents and Settings\Ordinateur\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Sat 10 Dec 2005 4,348 ...H. --- "C:\Documents and Settings\Ordinateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Sun 11 Dec 2005 20 A..H. --- "C:\Documents and Settings\Ordinateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Sat 10 Dec 2005 312 ...H. --- "C:\Documents and Settings\Ordinateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
    Sun 11 Dec 2005 1,536 A..H. --- "C:\Documents and Settings\Ordinateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2d3de94317cec27c0fd13671114be92a\BIT54.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT4E.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b5f484130e76f990053cd368ea0c649\BIT51.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7551d9aad32dabb2ef3aa5108dd69f4c\BIT4A.tmp"
    Sun 20 Nov 2005 337,640 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8f21a6fc8706e4a58a3abcb6b73de26c\BIT49.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT55.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42f4d4aec80f787c077283561db7334\BIT4D.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\BIT52.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT4C.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT4F.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\download\BIT5D.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\download\BIT62.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\download\BIT5C.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\925c7afc2ba478434e358c78673b4a12\download\BIT6E.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\download\BIT61.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\98091b7e393d32343cd6ee6419786bb1\download\BIT64.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\download\BIT5B.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\aa5e30c9c629be6e595c0c04f3e98649\download\BIT6A.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c27bd89901ef6b60dcbba81071f79f35\download\BIT6C.tmp"
    Sun 20 Nov 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\download\BIT67.tmp"

    Finished!



    et le log Hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:35:37, on 25/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\DOCUME~1\ORDINA~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: XBTP05973 Class - {16ACFF91-DE7B-4463-83EE-327DBD01391D} - C:\PROGRA~1\CHERCH~1\CHERCH~1.DLL
    O2 - BHO: (no name) - {267212FE-B77A-4C83-BB75-3F84B52A3BEE} - (no file)
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {48192418-7669-4C45-BE54-9679858B45DD} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {84F3CA6A-C0E6-4141-8DAA-9678B1089F51} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Chercher Outils - {CF04C67F-221F-4266-BC0A-38E6AF7F4D10} - C:\Program Files\Chercher Outils\chercher2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
    O4 - HKLM\..\Run: [eCarteBleue-SG-P3] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe" /dontopenmycards
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [342d9b06] rundll32.exe "C:\WINDOWS\system32\qxxwtdsi.dll",b
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = G:\Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ca30be878b640589ae170c4ff53ce35
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ca30be878b640589ae170c4ff53ce35
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
    O20 - Winlogon Notify: tuvTkjih - tuvTkjih.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

    --
    End of file - 12231 bytes
    Contenus similaires
    25 Août 2008 19:20:34

    bonsoir, ce n'est pas fini...

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    27 Août 2008 08:18:56

    Salut,

    j'ai cliquer sans trop lire et du coup j'ai dabord lancer une analyse rapide puis une analyse complete, ci joint les deux logs :

    rapide :

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1088
    Windows 5.1.2600 Service Pack 3

    23:12:40 26/08/2008
    mbam-log-08-26-2008 (23-12-35).txt

    Type de recherche: Examen rapide
    Eléments examinés: 47394
    Temps écoulé: 5 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 22
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{267212fe-b77a-4c83-bb75-3f84b52a3bee} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhclrdj0er3r (Rogue.Multiple) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\342d9b06 (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\simple\Application Data\rhclrdj0er3r\Quarantine\Packages (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Ordinateur\Application Data\rhclrdj0er3r\Quarantine\Packages (Rogue.Multiple) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
    C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> No action taken.
    C:\Documents and Settings\simple\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.


    et celui de l'analyse complete :

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1088
    Windows 5.1.2600 Service Pack 3

    07:57:13 27/08/2008
    mbam-log-08-27-2008 (07-57-03).txt

    Type de recherche: Examen complet (C:\|G:\|)
    Eléments examinés: 218422
    Temps écoulé: 1 hour(s), 15 minute(s), 46 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 15

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Chercher Outils\spyrem.exe (Adware.SpywareRem) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008614.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008664.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008725.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008735.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008797.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008802.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008877.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\A0008936.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP17\snapshot\MFEX-1.DAT (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP18\A0009215.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP18\A0009274.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP18\A0009279.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP18\A0009341.dll (Trojan.Cutwail) -> No action taken.
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP18\snapshot\MFEX-1.DAT (Trojan.Cutwail) -> No action taken.


    merci encore !
    27 Août 2008 18:40:45

    bonsoir
    Citation :
    j'ai cliquer sans trop lire

    effectivement:
    Tu as mal lu la procédure:
    dans ton rapport:
    Citation :
    C:\Documents and Settings\simple\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.


    Quand l'outil a trouvé quelque-chose, à la fin, il faut cliquer sur "Supprimer la sélection".

    Recommence stp

    lis:
    http://www.infos-du-net.com/forum/281885-11-forum-fige-...
    29 Août 2008 07:48:01

    Salut,
    j'ai bien cliquer sur supprimer la selection,
    j'ai quand meme relancé l'analyse voici le résultat :

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1088
    Windows 5.1.2600 Service Pack 3

    06:59:00 29/08/2008
    mbam-log-08-29-2008 (06-58-57).txt

    Type de recherche: Examen complet (C:\|G:\|)
    Eléments examinés: 216533
    Temps écoulé: 1 hour(s), 14 minute(s), 13 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{1F7FE187-9267-44F4-BF76-B7252D444F64}\RP18\A0009630.exe (Adware.SpywareRem) -> No action taken.




    meme remarque je fais un enregistrement du log et apres je supprime la selection.

    Cdlt.
    29 Août 2008 22:18:55

    bonsoir
    c'est bon, on poursuit :) 

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    ajoute un nouveau rapport Hijackthis.
    2 Septembre 2008 23:22:43

    salut,
    bon malgré la desactivation de McAfee et de windows defender, cela plante systématiquement le PC, donc j'ai lancé le comboFix en mode sans echec, j'ai tué les processus McAfee que j'ai pu "identifié" mais j'ai pas réussi a tous desactivé.
    Neanmoins le rapport comboFix :

    ComboFix 08-08-31.01 - Ordinateur 2008-09-02 22:52:06.2 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Ordinateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\inetx26.img

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-02 to 2008-09-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-01 22:35 . 2008-09-01 23:38 <REP> d-------- C:\Photo-6
    2008-09-01 22:12 . 2008-09-01 22:12 <REP> d-------- C:\Program Files\e-Carte Bleue Soci‚t‚ G‚n‚rale
    2008-08-26 23:03 . 2008-08-26 23:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-26 23:03 . 2008-08-26 23:03 <REP> d-------- C:\Documents and Settings\Ordinateur\Application Data\Malwarebytes
    2008-08-26 23:03 . 2008-08-26 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-26 23:03 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-26 23:03 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 09:15 . 2008-08-25 09:15 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-25 09:13 . 2008-08-25 09:13 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-25 09:06 . 2008-08-25 09:06 <REP> d-------- C:\SDFIX
    2008-08-24 11:49 . 2008-08-24 11:49 <REP> d-------- C:\Program Files\CCleaner
    2008-08-16 12:39 . 2008-08-16 12:39 137 --a------ C:\WINDOWS\system32\MRT.INI
    2008-08-16 08:32 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-16 08:29 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-09 11:01 . 2008-08-09 11:01 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-09 11:01 . 2008-08-09 11:01 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-09 10:16 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-09 10:16 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-09 10:16 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
    2008-08-09 10:16 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-08-09 10:14 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-08-09 10:13 . 2008-04-14 04:34 380,928 --------- C:\WINDOWS\system32\irprops.cpl
    2008-08-09 10:13 . 2008-04-14 04:33 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
    2008-08-09 10:13 . 2008-04-14 04:33 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-09 10:13 . 2008-04-14 04:10 2,524 --------- C:\WINDOWS\system32\pid.inf
    2008-08-09 10:11 . 2008-04-14 04:33 233,472 --------- C:\WINDOWS\system32\azroles.dll
    2008-08-09 10:11 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-08-09 10:11 . 2008-04-14 04:33 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-07 23:43 . 2008-04-14 04:34 32,866 --a------ C:\WINDOWS\slrundll.exe
    2008-08-07 23:09 . 2008-08-09 08:36 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2008-08-03 19:21 . 2008-08-03 19:21 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-01 21:46 --------- d-----w C:\Program Files\McAfee
    2008-09-01 20:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 20:12 --------- d-----w C:\Program Files\e-Carte Bleue Société Générale
    2008-08-27 06:46 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-08-15 18:45 --------- d-----w C:\Documents and Settings\Ordinateur\Application Data\SiteAdvisor
    2008-07-30 23:10 --------- d-----w C:\Program Files\Windows Defender
    2008-07-29 06:56 --------- d-----w C:\Documents and Settings\simple\Application Data\vlc
    2008-07-29 06:24 --------- d-----w C:\Documents and Settings\simple\Application Data\SiteAdvisor
    2008-07-29 06:03 --------- d-----w C:\Documents and Settings\simple\Application Data\Lavasoft
    2008-07-28 22:20 --------- d-----w C:\Program Files\Google
    2005-12-04 11:17 30,424 ----a-w C:\Documents and Settings\Ordinateur\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16ACFF91-DE7B-4463-83EE-327DBD01391D}]
    2006-07-11 17:20 548864 --a------ C:\PROGRA~1\CHERCH~1\CHERCH~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CF04C67F-221F-4266-BC0A-38E6AF7F4D10}"= "C:\Program Files\Chercher Outils\chercher2.dll" [2006-07-11 17:20 548864]

    [HKEY_CLASSES_ROOT\clsid\{cf04c67f-221f-4266-bc0a-38e6af7f4d10}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1CFFD38D-5526-4897-AEC2-64C9B901349A}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CF04C67F-221F-4266-BC0A-38E6AF7F4D10}"= "C:\Program Files\Chercher Outils\chercher2.dll" [2006-07-11 17:20 548864]

    [HKEY_CLASSES_ROOT\clsid\{cf04c67f-221f-4266-bc0a-38e6af7f4d10}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1CFFD38D-5526-4897-AEC2-64C9B901349A}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
    "ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-05-25 23:35 335872]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
    "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2004-04-20 13:05 118784]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
    "CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 21:10 36904]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="CTASIO.DLL" [2003-02-21 00:27 110592 C:\WINDOWS\system32\CTASIO.DLL]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]
    "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqy54.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fritivi\\fritivi.exe"=
    "C:\\Program Files\\Fritivi\\Fritivi_Pip.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\FreePCvcR\\vlc\\vlc.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
    R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 18:06]
    R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
    S0 Winqy54;Winqy54;C:\WINDOWS\system32\Drivers\Winqy54.sys []
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-01-02 22:34]
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{48192418-7669-4C45-BE54-9679858B45DD} - (no file)
    BHO-{84F3CA6A-C0E6-4141-8DAA-9678B1089F51} - (no file)
    HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    Notify-tuvTkjih - tuvTkjih.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.free.fr/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
    R1 -: HKCU-Internet Settings,ProxyOverride = <local>
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: E&xporter vers Microsoft Excel - G:\Office\Office10\EXCEL.EXE/3000
    O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ca30be878b640589ae170c4ff53ce35
    O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ca30be878b640589ae170c4ff53ce35
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-02 22:56:53
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6253\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-02 23:01:27 - machine was rebooted [Ordinateur]
    ComboFix-quarantined-files.txt 2008-09-02 21:01:15

    Pre-Run: 164,455,591,936 octets libres
    Post-Run: 164,628,180,992 octets libres

    217 --- E O F --- 2008-09-01 19:30:35


    et le nouveau log Hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:10:12, on 02/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\ORDINA~1\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: XBTP05973 Class - {16ACFF91-DE7B-4463-83EE-327DBD01391D} - C:\PROGRA~1\CHERCH~1\CHERCH~1.DLL
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Chercher Outils - {CF04C67F-221F-4266-BC0A-38E6AF7F4D10} - C:\Program Files\Chercher Outils\chercher2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = G:\Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ca30be878b640589ae170c4ff53ce35
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ca30be878b640589ae170c4ff53ce35
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

    --
    End of file - 11487 bytes

    Cdlt.
    3 Septembre 2008 14:38:41

    re

    Copie (Ctrl+C) le texte ci-dessous :
    Driver::
    Winqy54



    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    4 Septembre 2008 00:25:39

    salut,
    bon plantage en mode normal malgre le fichier glissé "Multiple_IRP_COMPLETE_REQUESTS".
    ci joint le log en mode sans echec :

    ComboFix 08-08-31.01 - Ordinateur 2008-09-04 0:04:31.3 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Ordinateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ordinateur\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINQY54
    -------\Service_Winqy54


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-01 22:35 . 2008-09-01 23:38 <REP> d-------- C:\Photo-6
    2008-09-01 22:12 . 2008-09-01 22:12 <REP> d-------- C:\Program Files\e-Carte Bleue Soci‚t‚ G‚n‚rale
    2008-08-26 23:03 . 2008-08-26 23:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-26 23:03 . 2008-08-26 23:03 <REP> d-------- C:\Documents and Settings\Ordinateur\Application Data\Malwarebytes
    2008-08-26 23:03 . 2008-08-26 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-26 23:03 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-26 23:03 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 09:15 . 2008-08-25 09:15 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-25 09:13 . 2008-08-25 09:13 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-25 09:06 . 2008-08-25 09:06 <REP> d-------- C:\SDFIX
    2008-08-24 11:49 . 2008-08-24 11:49 <REP> d-------- C:\Program Files\CCleaner
    2008-08-16 12:39 . 2008-08-16 12:39 137 --a------ C:\WINDOWS\system32\MRT.INI
    2008-08-16 08:32 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-16 08:29 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-09 11:01 . 2008-08-09 11:01 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-09 11:01 . 2008-08-09 11:01 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-09 10:16 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
    2008-08-09 10:16 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
    2008-08-09 10:16 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
    2008-08-09 10:16 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
    2008-08-09 10:14 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-08-09 10:13 . 2008-04-14 04:34 380,928 --------- C:\WINDOWS\system32\irprops.cpl
    2008-08-09 10:13 . 2008-04-14 04:33 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
    2008-08-09 10:13 . 2008-04-14 04:33 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
    2008-08-09 10:13 . 2008-04-14 04:31 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
    2008-08-09 10:13 . 2008-04-14 04:10 2,524 --------- C:\WINDOWS\system32\pid.inf
    2008-08-09 10:11 . 2008-04-14 04:33 233,472 --------- C:\WINDOWS\system32\azroles.dll
    2008-08-09 10:11 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-08-09 10:11 . 2008-04-14 04:33 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2008-08-07 23:43 . 2008-04-14 04:34 32,866 --a------ C:\WINDOWS\slrundll.exe
    2008-08-07 23:09 . 2008-08-09 08:36 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2008-08-03 19:21 . 2008-08-03 19:21 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-01 21:46 --------- d-----w C:\Program Files\McAfee
    2008-09-01 20:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 20:12 --------- d-----w C:\Program Files\e-Carte Bleue Société Générale
    2008-08-27 06:46 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-08-15 18:45 --------- d-----w C:\Documents and Settings\Ordinateur\Application Data\SiteAdvisor
    2008-07-30 23:10 --------- d-----w C:\Program Files\Windows Defender
    2008-07-29 06:56 --------- d-----w C:\Documents and Settings\simple\Application Data\vlc
    2008-07-29 06:24 --------- d-----w C:\Documents and Settings\simple\Application Data\SiteAdvisor
    2008-07-29 06:03 --------- d-----w C:\Documents and Settings\simple\Application Data\Lavasoft
    2008-07-28 22:20 --------- d-----w C:\Program Files\Google
    2005-12-04 11:17 30,424 ----a-w C:\Documents and Settings\Ordinateur\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16ACFF91-DE7B-4463-83EE-327DBD01391D}]
    2006-07-11 17:20 548864 --a------ C:\PROGRA~1\CHERCH~1\CHERCH~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CF04C67F-221F-4266-BC0A-38E6AF7F4D10}"= "C:\Program Files\Chercher Outils\chercher2.dll" [2006-07-11 17:20 548864]

    [HKEY_CLASSES_ROOT\clsid\{cf04c67f-221f-4266-bc0a-38e6af7f4d10}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1CFFD38D-5526-4897-AEC2-64C9B901349A}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CF04C67F-221F-4266-BC0A-38E6AF7F4D10}"= "C:\Program Files\Chercher Outils\chercher2.dll" [2006-07-11 17:20 548864]

    [HKEY_CLASSES_ROOT\clsid\{cf04c67f-221f-4266-bc0a-38e6af7f4d10}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1CFFD38D-5526-4897-AEC2-64C9B901349A}]
    [HKEY_CLASSES_ROOT\XBTB05973.XBTB05973]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
    "ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-05-25 23:35 335872]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
    "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2004-04-20 13:05 118784]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
    "CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 21:10 36904]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="CTASIO.DLL" [2003-02-21 00:27 110592 C:\WINDOWS\system32\CTASIO.DLL]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]
    "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqy54.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fritivi\\fritivi.exe"=
    "C:\\Program Files\\Fritivi\\Fritivi_Pip.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\FreePCvcR\\vlc\\vlc.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
    R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 18:06]
    R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-01-02 22:34]
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-04 00:09:41
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6253\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-04 0:13:28 - machine was rebooted [Ordinateur]
    ComboFix-quarantined-files.txt 2008-09-03 22:13:18
    ComboFix2.txt 2008-09-02 21:01:30

    Pre-Run: 164,645,937,152 octets libres
    Post-Run: 164,616,380,416 octets libres

    202 --- E O F --- 2008-09-02 21:12:29
    4 Septembre 2008 20:56:45

    bonsoir
    reposte un log hijackthis stp
    comment se comporte ton pc?

    4 Septembre 2008 22:27:10

    Salut,
    le pc se comporte beaucoup mieux, beaucoup plus rapide, la memoire utilisée est revenu à un niveau normale, bref il me semble que les differents outils utilisés ont été efficace.

    cdlt,
    ci joint le log hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:18:09, on 04/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\ORDINA~1\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: XBTP05973 Class - {16ACFF91-DE7B-4463-83EE-327DBD01391D} - C:\PROGRA~1\CHERCH~1\CHERCH~1.DLL
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Chercher Outils - {CF04C67F-221F-4266-BC0A-38E6AF7F4D10} - C:\Program Files\Chercher Outils\chercher2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = G:\Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\Office\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1ca30be878b640589ae170c4ff53ce35
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1ca30be878b640589ae170c4ff53ce35
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

    --
    End of file - 11128 bytes
    5 Septembre 2008 21:09:55

    bonsoir
    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Clique sur Accept
    * Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
    * clique une nouvelle fois sur "Accept"
    * Les bases de mises à jour vont s'installer, patiente un moment
    * Clique sur Next.
    * Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
    * Poste le rapport de scan.
    18 Septembre 2008 07:06:42

    Bonjour,
    je n'ai pas pu le faire avant ( deplacement).

    Cdlt,

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, September 18, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, September 17, 2008 21:39:42
    Records in database: 1246340
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    J:\
    K:\

    Scan statistics:
    Files scanned: 171781
    Threat name: 4
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 02:25:30


    File name / Threat name / Threats count
    C:\Program Files\Chercher Outils\chercher2.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
    C:\SDFIX\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Mutant.ayw 1
    C:\SDFIX\SDFix\backups\catchme.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1
    G:\Documents and Settings\andré patrice\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-13e2130d-242b9f76.zip Infected: Exploit.Java.ByteVerify 1

    The selected area was scanned.
    18 Septembre 2008 21:13:46

    bonsoir

    supprime le dossier:
    C:\SDFIX

    ~Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.


    Sélectionne TOUS les emplacements en gras ci-dessous :

    C:\Program Files\Chercher Outils\chercher2.dll
    G:\Documents and Settings\andré patrice\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-13e2130d-242b9f76.zip


    ---> Clique-droit puis Copier (ou Ctrl+C)

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
    Clique maintenant sur MoveIt![/#f]

    [#ff0e00]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.

    Accepte en cliquant sur YES.

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log



    21 Septembre 2008 23:10:01

    Salut,
    ci joint le rapport :

    C:\Program Files\Chercher Outils\chercher2.dll unregistered successfully.
    File move failed. C:\Program Files\Chercher Outils\chercher2.dll scheduled to be moved on reboot.
    G:\Documents and Settings\andré patrice\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-13e2130d-242b9f76.zip moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09212008_230156

    Files moved on Reboot...
    File C:\Program Files\Chercher Outils\chercher2.dll not found!
    22 Septembre 2008 20:34:02

    bonsoir

    Supprime tous les programmes installés pour la désinfection.


    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

    ~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

    :hello: 
    22 Septembre 2008 21:50:27

    Salut et Merci. :sol: 
    22 Septembre 2008 22:01:00

    de rien
    bon surf
    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS