
Internet Explorer virus

6 April 2008 10:08:28

Hi everyone, for some time now I have been infected by a virus, but I have no idea where it could have come from. What it does is launch Internet Explorer in my processes all by itself, and it eats up memory. That's it, thanks in advance, help me!!!


6 April 2008 11:18:51

Hi,

What makes you think it's a virus?

Download HijackThis (by Trend Micro)
Post a report by following this tutorial.

6 April 2008 12:31:39

I have no idea whether it's a virus or something else; that's exactly why I'm calling on your services.
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:21, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: ["C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKLM\..\RunOnce: [*aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [C:\WINDOWS\system32\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\WINDOWS\system32\DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [C:\Program Files\SuperCopier2\SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\julien\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe
O4 - HKCU\..\Policies\Explorer\Run: [Printing Utilities] spolsv.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{26A33D30-40E2-42CE-890B-528A5C8C9BAC}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEDD52D1-9FB9-4EDE-9C99-DCF3FA891070}: NameServer = 80.10.246.1,80.10.246.132
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINDOWS\system32\ladchkr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10240 bytes

6 April 2008 12:43:50

Re,

Yes, you are infected!

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\

Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown)
Press Y to start it.

You will be asked to press a key to reboot; do so.
The reboot will probably take a little longer than usual.
Once your desktop appears, it will display Finished

Press any key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder >Report.txt<

6 April 2008 13:47:10

Here is the report:
SDFix: Version 1.167
Run by julien on 06/04/2008 at 15:05

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\jfiehayd.dll - Deleted
C:\Documents and Settings\julien\Local Settings\Temp\ubi7.tmp.exe - Deleted
C:\Documents and Settings\julien\Local Settings\Temp\ubiD1.tmp.exe - Deleted
C:\DOCUME~1\julien\LOCALS~1\Temp\TEMP1.ZIP - Deleted
C:\DOCUME~1\julien\LOCALS~1\Temp\winlogan.exe - Deleted
C:\WINDOWS\kiasys.dll - Deleted
C:\WINDOWS\system\smvss.exe - Deleted
C:\WINDOWS\system32\NTSpool.exe - Deleted
C:\WINDOWS\yeTyezzd.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 15:23:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 32


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:piolet servent main executable"
"F:\\Shareaza\\Shareaza.exe"="F:\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\orbd.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\orbd.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmiregistry.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmiregistry.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmid.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmid.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Cyanide\\Pro Cycling Manager Demo\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager Demo\\Cym2005.exe:*:Enabled:Cym2005"
"C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Enabled:Browser download plugin"
"C:\\Program Files\\MaxTV\\maxtv.exe"="C:\\Program Files\\MaxTV\\maxtv.exe:*:Enabled:MaxTV Online"
"C:\\Program Files\\TerraGame\\Live Billiards\\LiveBilliardsDemo.exe"="C:\\Program Files\\TerraGame\\Live Billiards\\LiveBilliardsDemo.exe:*:Enabled:Live Billiards"
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"="C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe:*:Enabled:NFSC"
"C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:lphant Client"
"C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Audio Windows Media(TM) (wma)"
"C:\\Program Files\\MSN Messenger\\alienwaremsgr.exe"="C:\\Program Files\\MSN Messenger\\alienwaremsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Rage Software\\Offroad\\OffRoad.exe"="C:\\Program Files\\Rage Software\\Offroad\\OffRoad.exe:*:Disabled:HostileWaters"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"="C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 19 Aug 2004 2,779,648 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 19 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 28 Jan 2005 344,064 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Thu 31 Aug 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 27 Sep 2006 40,448 ...H. --- "C:\Documents and Settings\julien\Mes documents\~WRL2941.tmp"
Wed 27 Sep 2006 40,448 ...H. --- "C:\Documents and Settings\julien\Mes documents\~WRL3056.tmp"
Tue 26 Sep 2006 33,280 ...H. --- "C:\Documents and Settings\julien\Mes documents\~WRL3254.tmp"
Tue 17 Oct 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Tue 17 Oct 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Fri 9 Mar 2007 6,900,082 ..SH. --- "C:\Documents and Settings\julien\Mes documents\Ma musique\TrialTime1.exe"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\08144e57132f3a3a58bb4806c267d6d1\BIT647.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\08a1c4871c5e21a199722d060ca874d3\BIT635.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0ff46824760f3d7395869ff2ab1deb0b\BIT63A.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1809c92323cd35ff507e52ac617d468c\BIT645.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3029b2f29f64280b034728bd3ef59e88\BIT640.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3fc4c48da845525f8f6c17a5f84323c2\BIT636.tmp"
Fri 30 Nov 2007 8,726,662 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4031edf9025964ddb0dad55db4c6ca79\BIT61E.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56d569c8405ec26ff4452dcba2879a6c\BIT630.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c6b46191661d86eff922cf2abc5383c\BIT65B.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\62aacbbed083d147bc260148d9c15a82\BIT632.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\656c92fcd66b00f9a3fa9acad9d3bf1a\BIT65E.tmp"
Fri 30 Nov 2007 8,786,187 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\674ac3d89b2dbc7cebef96ba14f30ad4\BIT627.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6961a8f3b918b80899750f7a8b67d5dc\BIT62C.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e4894c8d7417b1901bc436507759a30\BIT628.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\716405ec081666b9edb4af2eb76573eb\BIT62B.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8f3e004a562e1247e8b254b9e4fee21c\BIT652.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a97bd412ef78c20b97d5d1e3965f7491\BIT655.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5ee865d9bc72aefa5f4912b7b36adcb\BIT631.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b7a39c6d6693d1f3598adcd01ab559a0\BIT64B.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3073a17bc1dad3634ef2a92953cadd0\BIT642.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BIT63D.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dc26aa093cda188e55518398937b3343\BIT646.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1092d1fd4234f8be26835d1f7b0bdcb\BIT62A.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f99846289ec5950c569069bbd41e4c8f\BIT62E.tmp"
Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0230a3590a31d668e4316ed3806e63\BIT63E.tmp"
Fri 10 Aug 2007 857 ...HR --- "C:\Documents and Settings\julien\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 16 Dec 2006 25,839,664 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4c88c5f2d6a3c2f096927cb2711a136\BIT200.tmp"

Finished!

6 April 2008 14:06:30

I don't know if it's finished, but I have already felt the difference when Windows starts up. That's it, thanks.

6 April 2008 14:55:57

Post a new HijackThis log ;)

6 April 2008 15:29:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:48, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: ["C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKLM\..\RunOnce: [*aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O4 - HKCU\..\Run: [C:\WINDOWS\system32\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\WINDOWS\system32\DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [C:\Program Files\SuperCopier2\SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [aliceeadsl] C:\WINDOWS\system32\aliceeadsl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{26A33D30-40E2-42CE-890B-528A5C8C9BAC}: NameServer = 80.10.246.1,80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEDD52D1-9FB9-4EDE-9C99-DCF3FA891070}: NameServer = 80.10.246.1,80.10.246.132
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ladchkr - Unknown owner - C:\WINDOWS\system32\ladchkr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9622 bytes
6 April 2008 16:03:33

Hi again,

Download Combofix (by sUBs) to your Desktop. (Tutorial)

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
9 April 2008 13:58:09

Here is my report, sorry for the delay, a lot of work at the moment.
ComboFix 08-04-08.9 - julien 2008-04-09 15:33:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.201 [GMT 4:00]
Endroit: C:\Documents and Settings\julien\Bureau\teck\mix mars 2008\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\Conditions générales.url
C:\Program Files\internetgamebox\Confidentialité.url
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\ressources\NoS2F.bin
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\Website.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\pfigoq.dat
C:\WINDOWS\system32\pfigoq_nav.dat
C:\WINDOWS\system32\pfigoq_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

2008-04-06 14:57 . 2008-04-06 14:58 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 14:51 . 2008-04-06 15:37 <REP> d-------- C:\SDFix
2008-04-06 14:23 . 2008-04-06 14:23 <REP> d-------- C:\Program Files\Trend Micro
2008-04-03 19:00 . 2008-04-09 15:29 56,320 --a------ C:\WINDOWS\system32\aliceeadsl.exe
2008-04-02 17:41 . 2008-04-02 17:41 <REP> d---s---- C:\Documents and Settings\LocalService\Favoris
2008-04-02 14:04 . 2008-04-02 14:55 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-02 14:04 . 2008-04-02 14:04 <REP> d-------- C:\Documents and Settings\julien\Application Data\PC Tools
2008-04-02 14:04 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-02 14:04 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-02 14:04 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-02 14:04 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-02 13:22 . 2008-04-02 13:21 361,984 --a------ C:\WINDOWS\system32\spolsv.exe
2008-03-24 13:17 . 2008-03-24 13:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-23 12:14 . 2008-04-04 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-23 12:14 . 2008-03-23 12:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 19:15 . 2008-03-22 19:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-22 19:13 . 2008-03-22 19:33 <REP> d-------- C:\Documents and Settings\julien\.housecall6.6
2008-03-22 17:50 . 2008-03-22 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 15:36 . 2008-03-24 12:55 771 --a------ C:\WINDOWS\wininit.ini
2008-03-16 18:34 . 2008-03-16 18:35 32,256 --a------ C:\WINDOWS\system32\NTSecurity.exe
2008-03-10 16:56 . 2008-03-10 17:02 37,888 --a------ C:\WINDOWS\system32\rar.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 16:05 --------- d-----w C:\Program Files\eMule
2008-04-04 14:12 --------- d-----w C:\Documents and Settings\julien\Application Data\EoRezo
2008-04-03 17:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 08:04 --------- d-----w C:\Program Files\Windows Live
2008-03-22 14:51 --------- d-----w C:\Program Files\BearShare applications
2008-03-22 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-03-22 13:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-21 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-21 11:15 --------- d-----w C:\Program Files\Ubisoft
2008-03-21 11:04 --------- d-----w C:\Program Files\BoontyGames
2008-03-21 11:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-21 10:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-18 16:18 --------- d-----w C:\Program Files\LudoRama
2008-03-18 15:46 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-15 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-03-02 08:26 --------- d-----w C:\Program Files\DV Series
2008-02-29 11:12 --------- d-----w C:\Program Files\Vstplugins
2008-02-29 11:12 --------- d-----w C:\Program Files\Image-Line
2008-02-29 10:45 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-02-28 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 15:42 --------- d-----w C:\Program Files\Mio Technology
2008-02-14 14:57 --------- d-----w C:\Program Files\Replay Media Catcher
2008-02-10 17:44 --------- d-----w C:\Program Files\MSN Messenger
2008-02-10 17:44 --------- d-----w C:\Program Files\Messenger Plus! Live
.

------- Sigcheck -------

2005-10-21 07:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 08:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 09:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2001-10-07 16:57 598016 ea72e6aab27289c10edce06f4af91557 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-19 19:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2005-10-21 07:41 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-04 07:35 662528 19e1a21f21bc938a92ee8be630994493 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 09:24 1222144 e9eddeddd5a9b2a2258f179acf815f06 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2006-06-23 15:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\SoftwareDistribution\Download\730ba41ae6673add063bbcfd38c8e394\sp2gdr\wininet.dll
2006-06-23 15:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\SoftwareDistribution\Download\730ba41ae6673add063bbcfd38c8e394\sp2qfe\wininet.dll
2007-08-22 17:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\SoftwareDistribution\Download\f2a336ec22c0f337f1cd52fa57716ebb\sp2gdr\wininet.dll
2007-08-22 16:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\SoftwareDistribution\Download\f2a336ec22c0f337f1cd52fa57716ebb\sp2qfe\wininet.dll
2006-05-10 09:24 1222144 e9eddeddd5a9b2a2258f179acf815f06 C:\WINDOWS\system32\wininet.dll
2006-05-10 09:24 662528 343fabbf09312842816e92947aacf73a C:\WINDOWS\system32\dllcache\wininet.dll

2006-01-13 21:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 16:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2001-10-07 16:56 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 06:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-10-07 18:11 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-10-07 18:11 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-19 19:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe
2001-10-07 16:55 1005056 9e20a8ef0ca524446afee29f4423cc8f C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 19:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 17:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 17:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"C:\WINDOWS\system32\DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-06-15 17:30 53248]
"C:\Program Files\SuperCopier2\SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 03:37 1057280]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-09 15:29 56320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03 36975]
"C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 19:28 790528]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 12:42 585728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-10 09:03 4628480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 17:00 79224]
"EoWeather"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2005-08-22 22:35 197632 C:\WINDOWS\system32\netman.dll]
"*aliceeadsl"="C:\WINDOWS\system32\aliceeadsl.exe" [2008-04-09 15:29 56320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^julien^Menu Démarrer^Programmes^Démarrage^Amsn.lnk]
path=C:\Documents and Settings\julien\Menu Démarrer\Programmes\Démarrage\Amsn.lnk
backup=C:\WINDOWS\pss\Amsn.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^julien^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
path=C:\Documents and Settings\julien\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk
backup=C:\WINDOWS\pss\Anti-Pub.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^julien^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\julien\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\BearShare\BearShare.exe]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Eset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Eset\nod32kui.exe]
--a------ 2006-03-21 14:21 917504 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs\Ahead]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs\Ahead\lib]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe]
--a------ 2005-09-25 22:11 94208 C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\YourWare Solutions]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\YourWare Solutions\FreeRAM XP Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe]
--a------ 2006-03-23 02:13 1591808 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\DESKTO~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\DESKTO~1\DesktopTool.exe]
--a------ 2005-08-29 15:42 167936 C:\PROGRA~1\ALCATE~1\DESKTO~1\DesktopTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\dumprep 0 -k]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ads checker]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliceeadsl]
--a------ 2008-04-09 15:29 56320 C:\WINDOWS\system32\aliceeadsl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\180searchassistant]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\180searchassistant\180sa]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\180searchassistant\180sa\saap.exe]
c:\program files\180searchassistant\180sa\saap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\VVSN\VVSN.exe]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Winamp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Winamp\winampa.exe]
--a------ 2007-02-13 22:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\LinkSetup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe]
--a------ 2005-08-29 15:38 36864 C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo\GestMaj.exe]
C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo\Shell.exe]
C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo\Watch.exe]
C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\IME]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\IME\imjp8_1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe]
--a------ 2004-08-04 01:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\IME]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\IME\TINTLGNT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe]
--a------ 2004-08-04 01:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\NeroCheck.exe]
--a------ 2005-09-25 22:11 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 14:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
--a------ 2007-08-14 13:16 561152 C:\Program Files\EoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-23 02:13 1591808 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3GATE PUSH AGENT]
--a------ 2002-04-30 13:20 217088 C:\Program Files\NumericLabs\M3Gate\PushAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-01-10 09:03 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-01-10 09:03 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz.exe]
--a------ 2005-01-10 09:03 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pfigoq]
c:\windows\system32\pfigoq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
--a------ 2005-11-17 07:32 561664 C:\Program Files\RamBooster 2.0\Rambooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\NvCpl.dll]
--a------ 2005-01-10 09:03 4628480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\NvMcTray.dll]
--a------ 2005-01-10 09:03 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPCXL]
--a------ 2002-06-22 12:57 630784 C:\Program Files\PC Accelerator XG Trial\pcaccel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stat 'n' Perf]
C:\Program Files\StatnPerf\StatnPerf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-21 14:37 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2001-03-19 03:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
C:\Program Files\DAEMON Tools SearchBar\Search.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
C:\Program Files\DAEMON Tools SearchBar\whse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 22:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
--a------ 2002-08-14 17:26 819200 C:\Program Files\Foreignword\Xanadu\Xanadu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Piolet\\Piolet.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\orbd.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmiregistry.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmid.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Download Express\\dep.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Rage Software\\Offroad\\OffRoad.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S1 tvtool;tvtool;C:\Program Files\TVTool 6.5\tvtool.sys []
S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]
S2 ladchkr;ladchkr;C:\WINDOWS\system32\ladchkr.exe []
S3 alcabus;Alcatel Mobile Phones Composite Device Driver (WDM);C:\WINDOWS\system32\DRIVERS\alcabus.sys [2005-12-19 00:12]
S3 alcamdfl;Alcatel Mobile Phones Modem Filter;C:\WINDOWS\system32\DRIVERS\alcamdfl.sys [2005-12-19 00:13]
S3 alcamdm;Alcatel Mobile Phones Modem Drivers;C:\WINDOWS\system32\DRIVERS\alcamdm.sys [2005-12-19 00:13]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-04 11:39]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 11:34]
S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 09:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autostart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045f45b5-cc43-11dc-b90b-000ea66e672b}]
\Shell\AutoRun\command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83553b4c-c639-11da-9334-f9cb66dd13c6}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf784a-c314-11da-9325-8b2acecffd28}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfb3ccd8-844d-11db-b84d-c12563b9a956}]
\Shell\AutoRun\command - K:\ReadMe.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4B4C8D3-87AC-3E5A-738A-C154F40D8901}]
C:\WINDOWS\system32\aliceeadsl.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 11:00:23 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 15:40:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"C:\\WINDOWS\\system32\\DrvMon.exe"="C:\\WINDOWS\\system32\\DrvMon.exe"
"C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\julien\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Temps d'accomplissement: 2008-04-09 15:46:31
ComboFix-quarantined-files.txt 2008-04-09 11:46:25
Pre-Run: 23,364,235,264 octets libres
Post-Run: 23,338,758,144 octets libres
9 April 2008 17:26:55

Hi again,

Download Flash Disinfector (by sUBs) to your Desktop.

Connect all external devices (hard drives, USB, .....)

Double-click Flash Disinfector and follow the prompts.

**************

Copy the text in the box below:

Driver::
ladchkr

File::
C:\WINDOWS\system32\aliceeadsl.exe
C:\WINDOWS\system32\spolsv.exe
C:\WINDOWS\system32\NTSecurity.exe
C:\DOCUME~1\julien\LOCALS~1\Temp\mc24.tmp
c:\windows\system32\pfigoq.exe

Folder::
C:\Documents and Settings\julien\Application Data\EoRezo
C:\Program Files\Save
C:\Program Files\DAEMON Tools SearchBar
c:\program files\180searchassistant\
C:\Program Files\VVSN\
C:\Program Files\EoRezo
C:\PROGRA~1\NEWDOT~1

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aliceeadsl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoWeather"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*aliceeadsl"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aliceeadsl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pfigoq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\180searchassistant]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\VVSN]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4B4C8D3-87AC-3E5A-738A-C154F40D8901}]
[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; type 1 and confirm. After the restart, post the contents of the Combofix.txt report.
If there is no restart, post the report anyway.

*******

Download Navilog (by Il-Mafioso)

Save it to your Desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Once the installation is finished, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)

Follow the utility's prompts. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt

If you have Vista, do this first:
Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the "Use User Account Control ..." box and confirm with OK; you will be asked to restart, do so)
9 April 2008 19:07:02

Search Navipromo version 3.5.2 commencé le 09/04/2008 à 20:17:17,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "julien"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\julien\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\julien\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\julien\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\julien\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

aliceeadsl.exe trouvé !

* Dans "C:\Documents and Settings\julien\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 09/04/2008 à 20:38:59,28 ***
9 April 2008 20:27:20

Do the rest ;)
10 April 2008 18:09:19

here's the rest
ComboFix 08-04-08.9 - julien 2008-04-10 19:55:25.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.81 [GMT 4:00]
Endroit: C:\Documents and Settings\julien\Bureau\teck\mix mars 2008\ComboFix.exe
Command switches used :: C:\Documents and Settings\julien\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\DOCUME~1\julien\LOCALS~1\Temp\mc24.tmp
C:\WINDOWS\system32\aliceeadsl.exe
C:\WINDOWS\system32\NTSecurity.exe
c:\windows\system32\pfigoq.exe
C:\WINDOWS\system32\spolsv.exe
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\julien\Application Data\EoRezo
C:\Documents and Settings\julien\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\julien\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\julien\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\julien\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\julien\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\julien\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\julien\Application Data\EoRezo\eoStats\eoStats.txt
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather.cfg
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\EoWeather.cfg
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\67_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\67_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\69_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\69_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\70_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\70_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\78_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\78_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\82_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\82_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\83_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\83_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\84_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\84_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\85_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\85_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\89_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\89_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\back.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\background.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\background_1.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\background_1days.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\background_2days.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\background_7days.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\backPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\band.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\band_small.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\close.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\closePressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\earth.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\fonds_écran.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\help.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\minimise.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\next.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\option.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\small_background.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\about.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\back.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\background.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\close.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\fonds_écran.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\help.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\next.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\option.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Documents and Settings\julien\Application Data\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
C:\Documents and Settings\julien\Application Data\EoRezo\host.cyp
C:\Documents and Settings\julien\Application Data\EoRezo\towns.cfg
C:\Documents and Settings\julien\Application Data\EoRezo\user.cyp
C:\Program Files\DAEMON Tools SearchBar
C:\Program Files\DAEMON Tools SearchBar\Content\ui.cfg
C:\Program Files\DAEMON Tools SearchBar\Content\uninst.ico
C:\Program Files\DAEMON Tools SearchBar\search.db
C:\Program Files\EoRezo
C:\Program Files\EoRezo\ConfMedia.cyp
C:\Program Files\EoRezo\EoAdv\EoAdv.dll
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoRezoImg_16.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoImg_18.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoTools_19.dll
C:\Program Files\EoRezo\EoWeather\EoWeather.cfg
C:\Program Files\EoRezo\EoWeather\EoWeather.dll
C:\Program Files\EoRezo\EoWeather\EoWeather.url
C:\Program Files\EoRezo\EoWeather\EoWeatherSkin1.pcb
C:\Program Files\EoRezo\EoWeather\EoWeatherSkinClassic.pcb
C:\Program Files\EoRezo\EoWeather\skin_eoweather_classic.xml.en
C:\Program Files\EoRezo\EoWeather\skin_eoweather_classic.xml.es
C:\Program Files\EoRezo\EoWeather\skin_eoweather_classic.xml.fr
C:\Program Files\EoRezo\EoWeather\skin_eoweather_classic.xml.it
C:\Program Files\EoRezo\EoWeather\skin_eoweather_station meteo.xml.en
C:\Program Files\EoRezo\EoWeather\skin_eoweather_station meteo.xml.es
C:\Program Files\EoRezo\EoWeather\skin_eoweather_station meteo.xml.fr
C:\Program Files\EoRezo\EoWeather\skin_eoweather_station meteo.xml.it
C:\Program Files\EoRezo\EoWeather\unins000.dat
C:\Program Files\EoRezo\EoWeather\unins000.exe
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_it.xml
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\user.cyp
C:\WINDOWS\system32\aliceeadsl.exe
C:\WINDOWS\system32\NTSecurity.exe
C:\WINDOWS\system32\spolsv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 20:10 . 2008-04-09 21:07 <REP> d-------- C:\Program Files\Navilog1
2008-04-06 14:57 . 2008-04-06 14:58 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 14:51 . 2008-04-06 15:37 <REP> d-------- C:\SDFix
2008-04-06 14:23 . 2008-04-06 14:23 <REP> d-------- C:\Program Files\Trend Micro
2008-04-02 17:41 . 2008-04-02 17:41 <REP> d---s---- C:\Documents and Settings\LocalService\Favoris
2008-04-02 14:04 . 2008-04-02 14:55 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-02 14:04 . 2008-04-02 14:04 <REP> d-------- C:\Documents and Settings\julien\Application Data\PC Tools
2008-04-02 14:04 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-02 14:04 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-02 14:04 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-02 14:04 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-24 13:17 . 2008-03-24 13:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-23 12:14 . 2008-04-04 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-23 12:14 . 2008-03-23 12:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 19:15 . 2008-03-22 19:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-22 19:13 . 2008-03-22 19:33 <REP> d-------- C:\Documents and Settings\julien\.housecall6.6
2008-03-22 17:50 . 2008-03-22 17:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 15:36 . 2008-03-24 12:55 771 --a------ C:\WINDOWS\wininit.ini
2008-03-10 16:56 . 2008-03-10 17:02 37,888 --a------ C:\WINDOWS\system32\rar.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:27 --------- d-----w C:\Program Files\eMule
2008-04-03 17:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 08:04 --------- d-----w C:\Program Files\Windows Live
2008-03-22 14:51 --------- d-----w C:\Program Files\BearShare applications
2008-03-22 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-03-22 13:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-21 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-21 11:15 --------- d-----w C:\Program Files\Ubisoft
2008-03-21 11:04 --------- d-----w C:\Program Files\BoontyGames
2008-03-21 11:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-21 10:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-18 16:18 --------- d-----w C:\Program Files\LudoRama
2008-03-18 15:46 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-15 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-03-02 08:26 --------- d-----w C:\Program Files\DV Series
2008-02-29 11:12 --------- d-----w C:\Program Files\Vstplugins
2008-02-29 11:12 --------- d-----w C:\Program Files\Image-Line
2008-02-29 10:45 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-02-28 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 15:42 --------- d-----w C:\Program Files\Mio Technology
2008-02-14 14:57 --------- d-----w C:\Program Files\Replay Media Catcher
2008-02-10 17:44 --------- d-----w C:\Program Files\MSN Messenger
2008-02-10 17:44 --------- d-----w C:\Program Files\Messenger Plus! Live
.

------- Sigcheck -------

2005-10-21 07:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 08:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 09:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2001-10-07 16:57 598016 ea72e6aab27289c10edce06f4af91557 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-19 19:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2005-10-21 07:41 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-04 07:35 662528 19e1a21f21bc938a92ee8be630994493 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 09:24 1222144 e9eddeddd5a9b2a2258f179acf815f06 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2006-06-23 15:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\SoftwareDistribution\Download\730ba41ae6673add063bbcfd38c8e394\sp2gdr\wininet.dll
2006-06-23 15:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\SoftwareDistribution\Download\730ba41ae6673add063bbcfd38c8e394\sp2qfe\wininet.dll
2007-08-22 17:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\SoftwareDistribution\Download\f2a336ec22c0f337f1cd52fa57716ebb\sp2gdr\wininet.dll
2007-08-22 16:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\SoftwareDistribution\Download\f2a336ec22c0f337f1cd52fa57716ebb\sp2qfe\wininet.dll
2006-05-10 09:24 1222144 e9eddeddd5a9b2a2258f179acf815f06 C:\WINDOWS\system32\wininet.dll
2006-05-10 09:24 662528 343fabbf09312842816e92947aacf73a C:\WINDOWS\system32\dllcache\wininet.dll

2006-01-13 21:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 16:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2001-10-07 16:56 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 06:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2007-10-07 18:11 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-10-07 18:11 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS

2004-08-19 19:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe
2001-10-07 16:55 1005056 9e20a8ef0ca524446afee29f4423cc8f C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 19:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 17:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 17:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"C:\WINDOWS\system32\DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-06-15 17:30 53248]
"C:\Program Files\SuperCopier2\SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 03:37 1057280]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03 36975]
"C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 19:28 790528]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 12:42 585728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-10 09:03 4628480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 17:00 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2005-08-22 22:35 197632 C:\WINDOWS\system32\netman.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^julien^Menu Démarrer^Programmes^Démarrage^Amsn.lnk]
path=C:\Documents and Settings\julien\Menu Démarrer\Programmes\Démarrage\Amsn.lnk
backup=C:\WINDOWS\pss\Amsn.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^julien^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
path=C:\Documents and Settings\julien\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk
backup=C:\WINDOWS\pss\Anti-Pub.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^julien^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\julien\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\BearShare\BearShare.exe]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Eset]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Eset\nod32kui.exe]
--a------ 2006-03-21 14:21 917504 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs\Ahead]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs\Ahead\lib]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe]
--a------ 2005-09-25 22:11 94208 C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\YourWare Solutions]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\YourWare Solutions\FreeRAM XP Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe]
--a------ 2006-03-23 02:13 1591808 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\DESKTO~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\DESKTO~1\DesktopTool.exe]
--a------ 2005-08-29 15:42 167936 C:\PROGRA~1\ALCATE~1\DESKTO~1\DesktopTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\dumprep 0 -k]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ads checker]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\VVSN\VVSN.exe]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Winamp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\Winamp\winampa.exe]
--a------ 2007-02-13 22:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\LinkSetup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe]
--a------ 2005-08-29 15:38 36864 C:\PROGRA~1\ALCATE~1\LinkSetup\PhoneDetectLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo\GestMaj.exe]
C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo\Shell.exe]
C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\PROGRA~1\Wanadoo\Watch.exe]
C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\IME]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\IME\imjp8_1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe]
--a------ 2004-08-04 01:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\IME]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\IME\TINTLGNT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe]
--a------ 2004-08-04 01:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\NeroCheck.exe]
--a------ 2005-09-25 22:11 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 14:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
C:\Program Files\EoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2006-03-23 02:13 1591808 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 12:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3GATE PUSH AGENT]
--a------ 2002-04-30 13:20 217088 C:\Program Files\NumericLabs\M3Gate\PushAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-01-10 09:03 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-01-10 09:03 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz.exe]
--a------ 2005-01-10 09:03 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
--a------ 2005-11-17 07:32 561664 C:\Program Files\RamBooster 2.0\Rambooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\NvCpl.dll]
--a------ 2005-01-10 09:03 4628480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\NvMcTray.dll]
--a------ 2005-01-10 09:03 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPCXL]
--a------ 2002-06-22 12:57 630784 C:\Program Files\PC Accelerator XG Trial\pcaccel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stat 'n' Perf]
C:\Program Files\StatnPerf\StatnPerf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-21 14:37 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2001-03-19 03:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 22:29 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
--a------ 2002-08-14 17:26 819200 C:\Program Files\Foreignword\Xanadu\Xanadu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Piolet\\Piolet.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\orbd.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmiregistry.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\rmid.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Download Express\\dep.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Rage Software\\Offroad\\OffRoad.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S1 tvtool;tvtool;C:\Program Files\TVTool 6.5\tvtool.sys []
S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]
S2 ladchkr;ladchkr;C:\WINDOWS\system32\ladchkr.exe []
S3 alcabus;Alcatel Mobile Phones Composite Device Driver (WDM);C:\WINDOWS\system32\DRIVERS\alcabus.sys [2005-12-19 00:12]
S3 alcamdfl;Alcatel Mobile Phones Modem Filter;C:\WINDOWS\system32\DRIVERS\alcamdfl.sys [2005-12-19 00:13]
S3 alcamdm;Alcatel Mobile Phones Modem Drivers;C:\WINDOWS\system32\DRIVERS\alcamdm.sys [2005-12-19 00:13]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-04 11:39]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 11:34]
S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 09:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autostart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045f45b5-cc43-11dc-b90b-000ea66e672b}]
\Shell\AutoRun\command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83553b4c-c639-11da-9334-f9cb66dd13c6}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf784a-c314-11da-9325-8b2acecffd28}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfb3ccd8-844d-11db-b84d-c12563b9a956}]
\Shell\AutoRun\command - K:\ReadMe.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 11:00:23 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 20:03:31
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"C:\\WINDOWS\\system32\\DrvMon.exe"="C:\\WINDOWS\\system32\\DrvMon.exe"
"C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\julien\LOCALS~1\Temp\mc24.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\julien\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Temps d'accomplissement: 2008-04-10 20:09:47
ComboFix-quarantined-files.txt 2008-04-10 16:09:39
ComboFix2.txt 2008-04-09 11:46:32
Pre-Run: 23,467,442,176 octets libres
Post-Run: 23,434,047,488 octets libres
10 April 2008 18:13:01

Hi again,

Run the Combofix script again (plenty of things were not deleted) .. as well as flash-disinfector.