Your question

Trojan horse Trojan.Win32.BHO.agz [solved]

Tags :
  • Trojan
  • Security
2 January 2008 23:28:23

Good evening, I have been infected by this Trojan horse, which I cannot manage to delete:
Trojan horse Trojan.Win32.BHO.agz. The file: C:\WINDOWS\system32\admpars.dll//PE_Patch.UPX//UPX

Please help me.


3 January 2008 09:15:10

Hello, here is my scan.
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:17, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sandra\Local Settings\Temporary Internet Files\Content.IE5\AWOS291N\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B} - C:\WINDOWS\system32\admpars.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 4212 bytes
3 January 2008 16:33:27

Hello, I have exactly the same problem with Kaspersky. It detected: Trojan horse / Trojan.Win32.BHO.agz located at c:\windows\system32\msftedi.dll, but the only choice I have is Ignore. How do I delete it?



Happy New Year, by the way :)
3 January 2008 18:15:50

Good evening, sorry I cannot help you, since nobody has answered my problem either.
Please help me too.
3 January 2008 19:33:48

Re
I tried to download it from the link; here is the response it gives me:
a blue window opens with "please wait" written in it
and a small window with:
some installation files are corrupt.
please download a fresh copy and retry the installation
3 January 2008 20:51:55

hellooooooooo
3 January 2008 22:11:50

That means the file is incomplete.

Disable your antivirus and try the procedure again.
4 January 2008 09:35:28

Hello again.
Thanks for the tip, it does indeed work.
Here is the ComboFix report:
ComboFix 08-01-04.1 - sandra 2008-01-04 9:28:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\sandra\Local Settings\Temporary Internet Files\Content.IE5\7AZTPDRZ\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sandra\Application Data\install_fr[1].exe
C:\WINDOWS\system32\sprt_ads.dll

.
((((((((((((((((((((((((((((( Files created 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 09:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 09:01 . 2008-01-04 09:01 <REP> d-------- C:\WINDOWS\LastGood
2008-01-03 14:44 . 2007-10-11 00:49 6,065,664 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-03 14:44 . 2007-07-01 04:31 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-03 14:44 . 2007-07-01 04:36 1,048,576 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-03 14:44 . 2007-10-11 00:49 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-03 14:44 . 2007-10-11 00:49 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-03 14:44 . 2007-10-11 00:49 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-03 14:44 . 2007-10-11 00:49 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-03 14:44 . 2007-10-11 00:49 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-03 14:44 . 2007-10-10 11:59 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-03 14:42 . 2008-01-03 14:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-03 14:39 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-02 23:16 . 2008-01-02 23:16 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 19:28 . 2008-01-02 20:03 <REP> d-------- C:\Program Files\The Cleaner Free
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Uniblue
2008-01-02 14:33 . 2008-01-02 22:15 0 --a------ C:\WINDOWS\win.ini
2008-01-02 13:43 . 2008-01-02 15:03 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-01-01 21:21 . 2008-01-02 22:11 45 --a------ C:\TEST.XML
2008-01-01 18:26 . 2008-01-01 18:26 <REP> d-------- C:\VundoFix Backups
2008-01-01 17:56 . 2003-05-07 19:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-01-01 17:51 . 2004-08-05 14:00 84,992 --a------ C:\WINDOWS\system32\admpars.dll
2008-01-01 17:51 . 19,456 C:\WINDOWS\system32\drivers\muolofmu.dat
2008-01-01 13:33 . 2008-01-01 13:33 <REP> d-------- C:\Documents and Settings\sandra\Application Data\DivX
2008-01-01 10:44 . 2008-01-03 14:41 1,355 --a------ C:\WINDOWS\imsins.BAK
2007-12-31 17:34 . 2008-01-01 00:10 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 17:34 . 2008-01-02 14:58 <REP> d-------- C:\Program Files\DivX
2007-12-31 17:34 . 2007-12-31 17:34 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Yahoo!
2007-12-31 17:34 . 2007-11-29 23:30 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-12-31 17:34 . 2007-11-29 23:30 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-12-31 11:03 . 2007-12-31 11:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-31 11:02 . 2007-11-29 23:30 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-31 11:02 . 2007-03-08 00:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-31 11:02 . 2007-03-08 00:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 18:42 . 2008-01-02 15:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-28 23:04 . 2007-12-28 23:04 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Sonic
2007-12-28 23:04 . 2007-12-28 23:04 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Leadertech
2007-12-28 17:34 . 2008-01-03 13:26 <REP> d-------- C:\Documents and Settings\sandra\Shared
2007-12-28 17:34 . 2008-01-01 18:10 <REP> d-------- C:\Documents and Settings\sandra\Incomplete
2007-12-28 17:34 . 2007-12-31 21:55 <REP> d-------- C:\Documents and Settings\sandra\Application Data\LimeWire
2007-12-27 17:47 . 2007-12-27 17:47 <REP> d-------- C:\Documents and Settings\sandra\Application Data\AdobeUM
2007-12-27 17:46 . 2007-12-27 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-26 13:41 . 2007-12-26 13:41 <REP> d-------- C:\Program Files\TGTSoft
2007-12-26 13:38 . 2007-12-30 19:46 <REP> d---s---- C:\Documents and Settings\sandra\UserData
2007-12-25 22:26 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-12-25 21:03 . 2007-12-25 21:10 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-25 21:03 . 2007-12-25 21:10 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-25 21:02 . 2007-12-25 21:02 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-25 21:02 . 2008-01-04 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-25 21:02 . 2008-01-04 09:29 4,463,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-25 21:02 . 2008-01-04 09:30 119,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-25 21:02 . 2008-01-03 21:14 60,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-25 21:02 . 2008-01-03 21:14 12,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-25 18:17 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-12-25 18:17 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-12-25 18:17 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-12-25 12:54 . 2007-12-25 12:54 <REP> d-------- C:\WINDOWS\Sun
2007-12-23 09:58 . 2008-01-01 00:12 <REP> d-------- C:\Program Files\Lavasoft
2007-12-23 09:02 . 2007-12-23 09:48 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 08:57 . 2007-12-23 08:57 <REP> d-------- C:\Documents and Settings\sandra\Application Data\PC Tools
2007-12-23 08:57 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-23 08:53 . 2008-01-02 15:07 <REP> d-------- C:\Program Files\Google
2007-12-22 21:09 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\SET1D.tmp
2007-12-22 21:09 . 2007-07-09 14:11 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-22 21:09 . 2006-12-19 19:17 334,336 --a------ C:\WINDOWS\system32\dllcache\wiaservc.dll
2007-12-21 22:24 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-21 22:22 . 2007-12-21 22:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-21 21:36 . 2007-12-21 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-12-21 21:35 . 2005-04-05 16:20 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-12-21 21:35 . 2005-03-25 17:27 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-12-21 21:32 . 2008-01-04 09:01 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\WINDOWS\Motive
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Program Files\Fichiers communs\Motive
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Program Files\Common Files
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-21 21:30 . 2003-10-22 09:54 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2007-12-21 21:30 . 2003-10-22 09:54 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-12-21 21:30 . 2003-10-22 09:54 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2007-12-21 21:30 . 2003-10-22 09:54 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2007-12-21 21:29 . 2007-12-21 21:29 <REP> d-------- C:\Program Files\Motive
2007-12-21 21:29 . 2007-12-21 21:36 <REP> d-------- C:\Program Files\Club-Internet
2007-12-21 21:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-21 21:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-21 21:25 . 2007-12-21 21:25 <REP> d-------- C:\WINDOWS\Java
2007-12-21 21:24 . 2007-12-21 21:24 <REP> d-------- C:\Program Files\BroadJump
2007-12-21 21:24 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2007-12-21 21:24 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2007-12-21 21:24 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2007-12-21 21:24 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2007-12-21 21:24 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2007-12-21 21:22 . 2002-02-14 03:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2007-12-21 21:20 . 2007-12-21 21:20 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2007-12-21 21:20 . 2007-12-21 21:20 <REP> d-------- C:\Documents and Settings\sandra\Application Data\FotoWire
2007-12-21 21:19 . 2007-12-21 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-21 21:19 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 17:47 --------- d-----w C:\Program Files\Real
2007-12-25 19:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-22 04:01 --------- d-----w C:\Program Files\Symantec
2007-12-22 04:00 --------- d-----w C:\Program Files\Services en ligne
2007-12-22 04:00 --------- d-----w C:\Program Files\QuickTime
2007-12-22 04:00 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 03:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-22 03:58 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-12-22 03:57 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-12-22 03:57 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-22 03:56 --------- d-----w C:\Program Files\Viewpoint
2007-12-22 03:56 --------- d-----w C:\Program Files\Sonic
2007-12-22 03:56 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-22 03:56 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-22 03:56 --------- d-----w C:\Program Files\Learn2.com
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-22 03:56 --------- d-----w C:\Program Files\CyberLink
2007-12-22 03:56 --------- d-----w C:\Program Files\AOL Compagnon
2007-12-22 03:56 --------- d-----w C:\Program Files\AOL 9.0
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-21 20:25 155,995 ----a-w C:\WINDOWS\Java\Packages\R7XJR5JX.ZIP
2007-12-21 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 20:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-21 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 03:53 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B}]
2004-08-05 14:00 84992 --a------ C:\WINDOWS\system32\admpars.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-21 18:26 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-06-28 12:51 218376 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2003-01-27 17:16 376912 --a------ C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE REBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-12-21 21:18 20480 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 17:32 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-10-08 03:14 81920 --a------ c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"SymWSC"=2 (0x2)
"StyleXPService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SLService"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MysqlInventime"=3 (0x3)
"AOL ACS"=2 (0x2)

R0 qktjisti;qktjisti;C:\WINDOWS\system32\drivers\muolofmu.dat []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2005-03-21 17:31:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 09:30:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 9:31:07
ComboFix-quarantined-files.txt 2008-01-04 08:30:57
.
2008-01-03 13:44:44 --- E O F ---

HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:17, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B} - C:\WINDOWS\system32\admpars.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 4354 bytes
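The two HijackThis logs in this post (before and after the first ComboFix run) differ in a way worth reading mechanically: the superiorads BHO and its `spa_start` rundll32 loader are gone, the orphaned `(no file)` CLSID is gone, but the unnamed BHO backed by `C:\WINDOWS\system32\admpars.dll` is still registered. The script below is an added example, not code from HijackThis, ComboFix or anyone in this thread: it parses the O2 (BHO) and O4 (Run key) lines of both logs, reports what disappeared, and flags entries in the second log that match two simple heuristics (a BHO with no display name or with its DLL dropped straight into system32; a Run value that loads a system32 DLL through rundll32). The log excerpts are copied from the posts above; the heuristics are this example's own and yield candidates for review, not verdicts.

```python
"""Diff two HijackThis logs (before / after a clean-up) and flag browser-helper
and autorun entries that deserve a second look.

Added example for this thread, not code from HijackThis, ComboFix or the helper.
The two excerpts are copied from the logs posted above; the heuristics are this
example's own and produce candidates for review, not verdicts."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed excerpt of the first HijackThis log (before ComboFix).
HJT_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B} - C:\WINDOWS\system32\admpars.dll
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
"""

# Constructed excerpt of the second HijackThis log (after ComboFix).
HJT_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B} - C:\WINDOWS\system32\admpars.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


class RunKey(NamedTuple):
    hive: str
    key: str
    cmd: str


# "O2 - BHO: <display name> - {CLSID} - <DLL path | (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
# A DLL living directly in system32 (no vendor sub-directory), quoted or not.
SYSTEM32_DLL = re.compile(r'\\system32\\[^\\"]+\.dll', re.I)


def parse_hjt(text: str) -> Tuple[Dict[str, Bho], Dict[Tuple[str, str], RunKey]]:
    """Index O2 lines by CLSID and O4 lines by (hive, value name)."""
    bhos: Dict[str, Bho] = {}
    runs: Dict[Tuple[str, str], RunKey] = {}
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            b = Bho(m["name"], m["clsid"].upper(), m["path"])  # CLSIDs are case-insensitive
            bhos[b.clsid] = b
            continue
        m = RUN_RE.match(line)
        if m:
            r = RunKey(m["hive"], m["key"], m["cmd"])
            runs[(r.hive, r.key)] = r
    return bhos, runs


def bho_findings(b: Bho) -> List[str]:
    """Heuristic reasons to look harder at a BHO entry (example's own rules)."""
    reasons = []
    if b.name == "(no name)":
        reasons.append("BHO registered without a display name")
    if b.path == "(no file)":
        reasons.append("CLSID still registered but its DLL is gone")
    elif SYSTEM32_DLL.search(b.path) and b.path.lower().endswith(".dll"):
        reasons.append("BHO DLL dropped straight into system32 instead of a vendor directory")
    return reasons


def run_findings(r: RunKey) -> List[str]:
    """Heuristic reasons to look harder at a Run value (example's own rules)."""
    reasons = []
    if re.search(r"rundll32\.exe", r.cmd, re.I) and SYSTEM32_DLL.search(r.cmd):
        reasons.append("rundll32 loading a DLL from system32 at logon")
    return reasons


def triage(before: str, after: str) -> dict:
    """What disappeared between the two scans, and what still looks wrong afterwards."""
    b_bhos, b_runs = parse_hjt(before)
    a_bhos, a_runs = parse_hjt(after)
    return {
        "removed_bhos": sorted(set(b_bhos) - set(a_bhos)),
        "removed_runs": sorted(set(b_runs) - set(a_runs)),
        "suspicious_bhos": {c: bho_findings(b) for c, b in a_bhos.items() if bho_findings(b)},
        "suspicious_runs": {k: run_findings(r) for k, r in a_runs.items() if run_findings(r)},
    }


if __name__ == "__main__":
    for section, items in triage(HJT_BEFORE, HJT_AFTER).items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Run against the two excerpts, the diff reports the superiorads CLSID and the orphaned `{02478D38-...}` CLSID as removed, `spa_start` as the one Run value that vanished, and `{E7026AB9-...}` (admpars.dll) as the only BHO still worth chasing, which is exactly what the helper's CFScript in the next reply targets. The rules are deliberately crude: a vendor that ships a BHO into system32 would trip them too, so treat a hit as a reason to check the file (publisher, hash, creation time) rather than as a verdict.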
4 January 2008 14:08:54

Hello,
what should I do now?
Thanks
4 January 2008 22:55:54

Hello

Copy (Ctrl+C) the text below:

Driver::
qktjisti

File::
C:\WINDOWS\system32\admpars.dll
C:\WINDOWS\system32\drivers\muolofmu.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B}]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
4 January 2008 23:56:28

Re
I'm sorry, but I disabled my antivirus and my firewall to run ComboFix as in the first procedure, and again it's the same thing, and I don't understand why.
Sorry to complicate things.
5 January 2008 00:17:14

RE
That's it, it worked, I just had to re-download ComboFix.
Report:
ComboFix 08-01-04.1 - sandra 2008-01-05 0:09:55.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.475 [GMT 1:00]
Running from: C:\Documents and Settings\sandra\Local Settings\Temporary Internet Files\Content.IE5\A4AHVXCC\ComboFix[1].exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 09:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 14:44 . 2007-10-11 00:49 6,065,664 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-03 14:44 . 2007-07-01 04:31 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-03 14:44 . 2007-07-01 04:36 1,048,576 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-03 14:44 . 2007-10-11 00:49 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-03 14:44 . 2007-10-11 00:49 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-03 14:44 . 2007-10-11 00:49 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-03 14:44 . 2007-10-11 00:49 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-03 14:44 . 2007-10-11 00:49 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-03 14:44 . 2007-10-10 11:59 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-03 14:42 . 2008-01-03 14:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-03 14:39 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-02 23:16 . 2008-01-02 23:16 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 19:28 . 2008-01-02 20:03 <REP> d-------- C:\Program Files\The Cleaner Free
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Uniblue
2008-01-02 14:33 . 2008-01-02 22:15 0 --a------ C:\WINDOWS\win.ini
2008-01-02 13:43 . 2008-01-02 15:03 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-01-01 21:21 . 2008-01-02 22:11 45 --a------ C:\TEST.XML
2008-01-01 18:26 . 2008-01-01 18:26 <REP> d-------- C:\VundoFix Backups
2008-01-01 17:56 . 2003-05-07 19:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-01-01 17:51 . 2004-08-05 14:00 84,992 --a------ C:\WINDOWS\system32\admpars.dll
2008-01-01 17:51 . 19,456 C:\WINDOWS\system32\drivers\muolofmu.dat
2008-01-01 13:33 . 2008-01-01 13:33 <REP> d-------- C:\Documents and Settings\sandra\Application Data\DivX
2008-01-01 10:44 . 2008-01-03 14:43 1,355 --a------ C:\WINDOWS\imsins.BAK
2007-12-31 17:34 . 2008-01-01 00:10 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 17:34 . 2008-01-02 14:58 <REP> d-------- C:\Program Files\DivX
2007-12-31 17:34 . 2007-12-31 17:34 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Yahoo!
2007-12-31 17:34 . 2007-11-29 23:30 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-12-31 17:34 . 2007-11-29 23:30 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-12-31 11:03 . 2007-12-31 11:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-31 11:02 . 2007-11-29 23:30 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-31 11:02 . 2007-03-08 00:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-31 11:02 . 2007-03-08 00:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 18:42 . 2008-01-02 15:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-28 23:04 . 2007-12-28 23:04 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Sonic
2007-12-28 23:04 . 2007-12-28 23:04 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Leadertech
2007-12-28 17:34 . 2008-01-03 13:26 <REP> d-------- C:\Documents and Settings\sandra\Shared
2007-12-28 17:34 . 2008-01-01 18:10 <REP> d-------- C:\Documents and Settings\sandra\Incomplete
2007-12-28 17:34 . 2007-12-31 21:55 <REP> d-------- C:\Documents and Settings\sandra\Application Data\LimeWire
2007-12-27 17:47 . 2007-12-27 17:47 <REP> d-------- C:\Documents and Settings\sandra\Application Data\AdobeUM
2007-12-27 17:46 . 2007-12-27 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-26 13:41 . 2007-12-26 13:41 <REP> d-------- C:\Program Files\TGTSoft
2007-12-26 13:38 . 2007-12-30 19:46 <REP> d---s---- C:\Documents and Settings\sandra\UserData
2007-12-25 22:26 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-12-25 21:03 . 2007-12-25 21:10 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-25 21:03 . 2007-12-25 21:10 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-25 21:02 . 2007-12-25 21:02 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-25 21:02 . 2008-01-04 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-25 21:02 . 2008-01-05 00:10 4,621,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-25 21:02 . 2008-01-05 00:11 125,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-25 21:02 . 2008-01-04 23:47 63,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-25 21:02 . 2008-01-04 23:47 13,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-25 18:17 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-12-25 18:17 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-12-25 18:17 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-12-25 12:54 . 2007-12-25 12:54 <REP> d-------- C:\WINDOWS\Sun
2007-12-23 09:58 . 2008-01-01 00:12 <REP> d-------- C:\Program Files\Lavasoft
2007-12-23 09:02 . 2007-12-23 09:48 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 08:57 . 2007-12-23 08:57 <REP> d-------- C:\Documents and Settings\sandra\Application Data\PC Tools
2007-12-23 08:57 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-23 08:53 . 2008-01-02 15:07 <REP> d-------- C:\Program Files\Google
2007-12-22 21:09 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\SET1D.tmp
2007-12-22 21:09 . 2007-07-09 14:11 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-22 21:09 . 2006-12-19 19:17 334,336 --a------ C:\WINDOWS\system32\dllcache\wiaservc.dll
2007-12-21 22:24 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-21 22:22 . 2007-12-21 22:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-21 21:36 . 2007-12-21 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-12-21 21:35 . 2005-04-05 16:20 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-12-21 21:35 . 2005-03-25 17:27 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-12-21 21:32 . 2008-01-04 09:01 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\WINDOWS\Motive
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Program Files\Fichiers communs\Motive
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Program Files\Common Files
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-21 21:30 . 2003-10-22 09:54 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2007-12-21 21:30 . 2003-10-22 09:54 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-12-21 21:30 . 2003-10-22 09:54 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2007-12-21 21:30 . 2003-10-22 09:54 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2007-12-21 21:29 . 2007-12-21 21:29 <REP> d-------- C:\Program Files\Motive
2007-12-21 21:29 . 2007-12-21 21:36 <REP> d-------- C:\Program Files\Club-Internet
2007-12-21 21:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-21 21:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-21 21:25 . 2007-12-21 21:25 <REP> d-------- C:\WINDOWS\Java
2007-12-21 21:24 . 2007-12-21 21:24 <REP> d-------- C:\Program Files\BroadJump
2007-12-21 21:24 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2007-12-21 21:24 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2007-12-21 21:24 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2007-12-21 21:24 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2007-12-21 21:24 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2007-12-21 21:22 . 2002-02-14 03:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2007-12-21 21:20 . 2007-12-21 21:20 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2007-12-21 21:20 . 2007-12-21 21:20 <REP> d-------- C:\Documents and Settings\sandra\Application Data\FotoWire
2007-12-21 21:19 . 2007-12-21 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-21 21:19 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-12-21 21:18 . 2007-12-21 21:20 <REP> d-------- C:\Program Files\Logitech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 17:47 --------- d-----w C:\Program Files\Real
2007-12-25 19:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-22 04:01 --------- d-----w C:\Program Files\Symantec
2007-12-22 04:00 --------- d-----w C:\Program Files\Services en ligne
2007-12-22 04:00 --------- d-----w C:\Program Files\QuickTime
2007-12-22 04:00 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 03:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-22 03:58 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-12-22 03:57 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-12-22 03:57 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-22 03:56 --------- d-----w C:\Program Files\Viewpoint
2007-12-22 03:56 --------- d-----w C:\Program Files\Sonic
2007-12-22 03:56 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-22 03:56 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-22 03:56 --------- d-----w C:\Program Files\Learn2.com
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-22 03:56 --------- d-----w C:\Program Files\CyberLink
2007-12-22 03:56 --------- d-----w C:\Program Files\AOL Compagnon
2007-12-22 03:56 --------- d-----w C:\Program Files\AOL 9.0
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-21 20:25 155,995 ----a-w C:\WINDOWS\Java\Packages\R7XJR5JX.ZIP
2007-12-21 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 20:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-21 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 03:53 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_ 9.30.29,82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2007-08-13 17:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:30:52 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B}]
2004-08-05 14:00 84992 --a------ C:\WINDOWS\system32\admpars.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-21 18:26 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-06-28 12:51 218376 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2003-01-27 17:16 376912 --a------ C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE REBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-12-21 21:18 20480 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 17:32 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-10-08 03:14 81920 --a------ c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"SymWSC"=2 (0x2)
"StyleXPService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SLService"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MysqlInventime"=3 (0x3)
"AOL ACS"=2 (0x2)

R0 qktjisti;qktjisti;C:\WINDOWS\system32\drivers\muolofmu.dat []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-21 17:31:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 00:11:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 0:12:19
ComboFix-quarantined-files.txt 2008-01-04 23:12:16
ComboFix2.txt 2008-01-04 23:06:04
ComboFix3.txt 2008-01-04 08:31:08
.
2008-01-04 22:47:18 --- E O F ---

HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13:52, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {E7026AB9-942C-49D0-A8F7-4D3D8E29FB5B} - C:\WINDOWS\system32\admpars.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 4321 bytes
Thanks and have a good evening
5 January 2008 09:34:48

Hello everyone
5 January 2008 13:00:30

I still have my virus, if you can help me
Thanks
5 January 2008 19:23:20

Hello

It's normal that you still have the infection: you did not follow the instructions.

Look at the location of ComboFix
C:\Documents and Settings\sandra\Local Settings\Temporary Internet Files\Content.IE5\A4AHVXCC\ComboFix[1].exe

It must be on the Desktop.

Move Combofix.exe to the Desktop and start again with CFScript.txt
5 January 2008 21:58:09

Good evening
There, I did it again and here is the ComboFix report
ComboFix 08-01-04.1 - sandra 2008-01-05 21:49:36.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.531 [GMT 1:00]
Running from: C:\Documents and Settings\sandra\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\sandra\Bureau\CFScript.txt.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\admpars.dll
C:\WINDOWS\system32\drivers\muolofmu.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\admpars.dll
C:\WINDOWS\system32\drivers\muolofmu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_QKTJISTI
-------\qktjisti


((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 09:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 14:44 . 2007-10-11 00:49 6,065,664 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-03 14:44 . 2007-07-01 04:31 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-03 14:44 . 2007-07-01 04:36 1,048,576 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-03 14:44 . 2007-10-11 00:49 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-03 14:44 . 2007-10-11 00:49 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-03 14:44 . 2007-10-11 00:49 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-03 14:44 . 2007-10-11 00:49 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-03 14:44 . 2007-10-11 00:49 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-03 14:44 . 2007-10-10 11:59 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-03 14:42 . 2008-01-03 14:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-03 14:39 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-02 23:16 . 2008-01-02 23:16 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 19:28 . 2008-01-02 20:03 <REP> d-------- C:\Program Files\The Cleaner Free
2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Uniblue
2008-01-02 14:33 . 2008-01-02 22:15 0 --a------ C:\WINDOWS\win.ini
2008-01-02 13:43 . 2008-01-02 15:03 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-01-01 21:21 . 2008-01-02 22:11 45 --a------ C:\TEST.XML
2008-01-01 18:26 . 2008-01-01 18:26 <REP> d-------- C:\VundoFix Backups
2008-01-01 17:56 . 2003-05-07 19:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-01-01 13:33 . 2008-01-01 13:33 <REP> d-------- C:\Documents and Settings\sandra\Application Data\DivX
2008-01-01 10:44 . 2008-01-03 14:43 1,355 --a------ C:\WINDOWS\imsins.BAK
2007-12-31 17:34 . 2008-01-01 00:10 <REP> d-------- C:\Program Files\Yahoo!
2007-12-31 17:34 . 2008-01-02 14:58 <REP> d-------- C:\Program Files\DivX
2007-12-31 17:34 . 2007-12-31 17:34 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Yahoo!
2007-12-31 17:34 . 2007-11-29 23:30 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-12-31 17:34 . 2007-11-29 23:30 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-12-31 11:03 . 2007-12-31 11:03 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-31 11:02 . 2007-11-29 23:30 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-31 11:02 . 2007-03-08 00:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-31 11:02 . 2007-03-08 00:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 18:42 . 2008-01-02 15:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-28 23:04 . 2007-12-28 23:04 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Sonic
2007-12-28 23:04 . 2007-12-28 23:04 <REP> d-------- C:\Documents and Settings\sandra\Application Data\Leadertech
2007-12-28 17:34 . 2008-01-03 13:26 <REP> d-------- C:\Documents and Settings\sandra\Shared
2007-12-28 17:34 . 2008-01-01 18:10 <REP> d-------- C:\Documents and Settings\sandra\Incomplete
2007-12-28 17:34 . 2007-12-31 21:55 <REP> d-------- C:\Documents and Settings\sandra\Application Data\LimeWire
2007-12-27 17:47 . 2007-12-27 17:47 <REP> d-------- C:\Documents and Settings\sandra\Application Data\AdobeUM
2007-12-27 17:46 . 2007-12-27 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-26 13:41 . 2007-12-26 13:41 <REP> d-------- C:\Program Files\TGTSoft
2007-12-26 13:38 . 2007-12-30 19:46 <REP> d---s---- C:\Documents and Settings\sandra\UserData
2007-12-25 22:26 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-12-25 21:03 . 2007-12-25 21:10 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-25 21:03 . 2007-12-25 21:10 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-25 21:02 . 2007-12-25 21:02 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-25 21:02 . 2008-01-05 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-25 21:02 . 2008-01-05 21:52 5,112,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-25 21:02 . 2008-01-05 21:52 129,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-25 21:02 . 2008-01-05 21:52 69,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-25 21:02 . 2008-01-05 21:52 14,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-25 18:17 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-12-25 18:17 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-12-25 18:17 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-12-25 18:17 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-12-25 12:54 . 2007-12-25 12:54 <REP> d-------- C:\WINDOWS\Sun
2007-12-23 09:58 . 2008-01-01 00:12 <REP> d-------- C:\Program Files\Lavasoft
2007-12-23 09:02 . 2007-12-23 09:48 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 08:57 . 2007-12-23 08:57 <REP> d-------- C:\Documents and Settings\sandra\Application Data\PC Tools
2007-12-23 08:57 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-23 08:53 . 2008-01-02 15:07 <REP> d-------- C:\Program Files\Google
2007-12-22 21:09 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\SET1D.tmp
2007-12-22 21:09 . 2007-07-09 14:11 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-22 21:09 . 2006-12-19 19:17 334,336 --a------ C:\WINDOWS\system32\dllcache\wiaservc.dll
2007-12-21 22:24 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-21 22:22 . 2007-12-21 22:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-21 21:36 . 2007-12-21 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-12-21 21:35 . 2005-04-05 16:20 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2007-12-21 21:35 . 2005-03-25 17:27 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2007-12-21 21:32 . 2008-01-04 09:01 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\WINDOWS\Motive
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Program Files\Fichiers communs\Motive
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Program Files\Common Files
2007-12-21 21:30 . 2007-12-21 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-21 21:30 . 2003-10-22 09:54 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2007-12-21 21:30 . 2003-10-22 09:54 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-12-21 21:30 . 2003-10-22 09:54 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2007-12-21 21:30 . 2003-10-22 09:54 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2007-12-21 21:29 . 2007-12-21 21:29 <REP> d-------- C:\Program Files\Motive
2007-12-21 21:29 . 2007-12-21 21:36 <REP> d-------- C:\Program Files\Club-Internet
2007-12-21 21:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-21 21:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-21 21:25 . 2007-12-21 21:25 <REP> d-------- C:\WINDOWS\Java
2007-12-21 21:24 . 2007-12-21 21:24 <REP> d-------- C:\Program Files\BroadJump
2007-12-21 21:24 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2007-12-21 21:24 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2007-12-21 21:24 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2007-12-21 21:24 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2007-12-21 21:24 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2007-12-21 21:22 . 2002-02-14 03:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2007-12-21 21:20 . 2007-12-21 21:20 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2007-12-21 21:20 . 2007-12-21 21:20 <REP> d-------- C:\Documents and Settings\sandra\Application Data\FotoWire
2007-12-21 21:19 . 2007-12-21 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-21 21:19 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-12-21 21:18 . 2007-12-21 21:20 <REP> d-------- C:\Program Files\Logitech
2007-12-21 21:12 . 2007-12-22 04:56 <REP> d-------- C:\Documents and Settings\sandra\WINDOWS
2007-12-21 21:12 . 2007-12-22 04:56 <REP> d--h----- C:\Documents and Settings\sandra\Voisinage réseau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 17:47 --------- d-----w C:\Program Files\Real
2007-12-25 19:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-22 04:01 --------- d-----w C:\Program Files\Symantec
2007-12-22 04:00 --------- d-----w C:\Program Files\Services en ligne
2007-12-22 04:00 --------- d-----w C:\Program Files\QuickTime
2007-12-22 04:00 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 03:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-22 03:58 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-12-22 03:57 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-12-22 03:57 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-22 03:56 --------- d-----w C:\Program Files\Viewpoint
2007-12-22 03:56 --------- d-----w C:\Program Files\Sonic
2007-12-22 03:56 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-22 03:56 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-22 03:56 --------- d-----w C:\Program Files\Learn2.com
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-12-22 03:56 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-22 03:56 --------- d-----w C:\Program Files\CyberLink
2007-12-22 03:56 --------- d-----w C:\Program Files\AOL Compagnon
2007-12-22 03:56 --------- d-----w C:\Program Files\AOL 9.0
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2007-12-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-21 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 20:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-21 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_ 9.30.29,82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2007-08-13 17:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:30:52 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-21 18:26 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2007-06-28 12:51 218376 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2003-01-27 17:16 376912 --a------ C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE REBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-12-21 21:18 20480 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 15:24 458752 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 15:14 217088 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 17:32 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-10-08 03:14 81920 --a------ c:\Apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"SymWSC"=2 (0x2)
"StyleXPService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"SLService"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MysqlInventime"=3 (0x3)
"AOL ACS"=2 (0x2)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-03-21 17:31:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 21:53:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 21:55:19 - machine was rebooted [sandra]
ComboFix-quarantined-files.txt 2008-01-05 20:55:09
ComboFix2.txt 2008-01-04 23:12:20
ComboFix3.txt 2008-01-04 23:06:04
ComboFix4.txt 2008-01-04 08:31:08
.
2008-01-04 22:47:18 --- E O F ---

and the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:38, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 4297 bytes
Thanks and good evening
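Helpers on threads like this read a HijackThis report by eye, section by section (O2 for browser helper objects, O4 for Run keys, O23 for services). As an added example, not code from this thread or from HijackThis itself, the following Python turns such a report into structured records and applies one defensive triage rule of my own: a BHO DLL sitting directly in WINDOWS\system32 or registered with no display name is worth a second look, which is exactly the kind of entry (admpars.dll) the first post reported. The sample lines are constructed in HijackThis v2.0.2 format from the report above; the admpars.dll line and its CLSID are placeholders, not values from the page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2.0.2 format. Most lines mirror the report
# posted in this thread; the admpars.dll BHO line is reconstructed from the
# thread's first post and its CLSID is an obvious placeholder, not a real value.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {PLACEHOLDER-CLSID} - C:\WINDOWS\system32\admpars.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
"""


@dataclass
class HjtEntry:
    kind: str                  # HijackThis section code: R0, O2, O4, O23, ...
    name: str                  # BHO/service display name or Run value name
    path: Optional[str]        # module path when one could be extracted
    clsid: Optional[str] = None
    raw: str = ""


_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
_O2 = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
_O4 = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O23 = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# First module on a command line, quoted or not (for rundll32 lines this is the host).
_EXE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|com))"?(?:\s|$)', re.IGNORECASE)


def _exe_from_cmd(cmd: str) -> Optional[str]:
    m = _EXE.match(cmd.strip())
    return m.group("exe") if m else None


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse R*/O* lines of a HijackThis report; unknown sections keep the raw body."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and (o2 := _O2.match(body)):
            entries.append(HjtEntry(kind, o2["name"], o2["path"], o2["clsid"], line))
        elif kind == "O4" and (o4 := _O4.match(body)):
            entries.append(HjtEntry(kind, o4["name"], _exe_from_cmd(o4["cmd"]), None, line))
        elif kind == "O23" and (o23 := _O23.match(body)):
            entries.append(HjtEntry(kind, o23["name"], o23["path"], None, line))
        else:
            entries.append(HjtEntry(kind, body, None, None, line))
    return entries


def suspicious_bhos(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Heuristic triage rule (mine, not HijackThis's): BHOs normally live under
    Program Files, so a BHO DLL dropped straight into WINDOWS\\system32, or one
    with no display name, is flagged for review. A hit is a lead, not a verdict."""
    hits: List[HjtEntry] = []
    for e in entries:
        if e.kind != "O2" or not e.path:
            continue
        in_system32 = "\\windows\\system32\\" in e.path.lower()
        if in_system32 or e.name.strip().lower() == "(no name)":
            hits.append(e)
    return hits


def count_by_kind(entries: List[HjtEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(count_by_kind(parsed))
    for hit in suspicious_bhos(parsed):
        print("review:", hit.clsid, hit.path)
```

The rule deliberately errs on the side of flagging: legitimate BHOs occasionally ship in system32 too, so a hit means "check the file's publisher, hash and install date", which is what the ComboFix and Kaspersky output in this thread then confirmed.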
5 January 2008 22:22:52

A big thank you, the virus is gone.
I wanted to know whether I should keep Kaspersky or install another one, and whether I should keep HijackThis or remove it.
Thanks
6 January 2008 11:56:17

I have a doubt about the report, is this right?

nterface[1].js;C:\Documents and Settings\sandra\Local Settings\Temporary Internet Files\Content.IE5\8UJB0MNF;VBS.PackFor.2;Supprimé.;
jquery[1].js;C:\Documents and Settings\sandra\Local Settings\Temporary Internet Files\Content.IE5\BG9FOP9A;VBS.PackFor.2;Supprimé.;
POSTOOBE.NEC;C:\DRIVERS;VBS.Generic.278;Supprimé.;
install_fr[1].exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\sandra\Application Data;Trojan.DownLoader.36408;Supprimé.;
A0002458.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP13;Trojan.DownLoader.36408;Supprimé.;
6 January 2008 16:55:43

Yes

Do you still have any malfunctions?
6 January 2008 20:25:15

No, it works correctly.
Which antivirus do you recommend, since my Kaspersky is only a trial version?
A big thank you to all of you who help others with their problems.
6 January 2008 21:43:03

Re
Thanks for everything, I'm removing Kaspersky and replacing it with Antivir.
Does the topic stay online or do I need to delete it?
Happy New Year
6 January 2008 22:47:35

Re

You don't touch anything else ;)
20 February 2008 13:52:56

I regularly use Adaware. Adaware is available free online, and you can run a scan of your computer to detect any spyware. Once they have been (automatically) located, you can delete them or put them in quarantine, which does not endanger the operation of the computer but makes these entities inactive.