Infected by Win32:BHO-KD

16 January 2008 19:52:03

Good evening, I am infected by the Trojan horse win32:BHO-KD, which refuses to be cleaned.
As I don't know much about computers, I would like some help. Thank you.
I saw on the forum that you like to have a HijackThis report.
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:18, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\alg.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {AD507CF6-72F8-4EA6-926F-4E52388E152B} - C:\WINNT\system32\dmoc.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://download.clickteam.com/vitalize3/vitalize.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 6883 bytes


16 January 2008 19:59:56

Hi, I am also infected by the virus win 32 : TratBHO,

what can I do? I'm no computer whiz, so if someone can guide me, I understand quickly but things have to be explained to me for a long time!!!
Thanks in advance.
16 January 2008 20:42:11


Good evening,

22 U2, please create your own thread and write properly.

jean-yves49, you are indeed infected.

Disable your resident protections (antivirus, ...); you will re-enable them after the scan.

Download ComboFix [:eric_71] < here

Save it to your Desktop and nowhere else!
Double-click combofix.exe (the .exe may not be shown).
To start, type [1] then confirm, and wait for the scan to finish.
The PC may restart!

Copy / paste the generated report (C:\Combofix.txt)
16 January 2008 21:44:16

Thank you for coming to my aid.
There was indeed a restart of the PC.
Here is the ComboFix report.
I hope I have followed your advice correctly so far.

ComboFix 08-01-16.4 - jean-yves 2008-01-16 21:27:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.226 [GMT 1:00]
Running from: C:\Documents and Settings\jean-yves\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\jean-yves\Bureau\sudoplanet.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\Conditions générales.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\Confidentialité.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\SudoPlanet.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\Website.lnk
C:\Documents and Settings\jean-yves\ResErrors.log
C:\Program Files\sudoplanet
C:\Program Files\sudoplanet\Conditions générales.url
C:\Program Files\sudoplanet\Confidentialité.url
C:\Program Files\sudoplanet\SudoPlanet.dll
C:\Program Files\sudoplanet\SudoPlanet.exe
C:\Program Files\sudoplanet\Website.url
C:\WINNT\pack.epk
C:\WINNT\system32\fgejtomem.dat
C:\WINNT\system32\fgejtomem_nav.dat
C:\WINNT\system32\fgejtomem_navps.dat
C:\WINNT\system32\gmrkfli.dat
C:\WINNT\system32\gmrkfli_nav.dat
C:\WINNT\system32\gmrkfli_navps.dat
c:\WINNT\system32\qjannjlpy.dat
C:\WINNT\system32\qjannjlpy.exe
c:\WINNT\system32\qjannjlpy_nav.dat
c:\WINNT\system32\qjannjlpy_navps.dat
C:\WINNT\system32\tsvzzeb.dat
C:\WINNT\system32\tsvzzeb_nav.dat
C:\WINNT\system32\tsvzzeb_navps.dat
D:\mes docs jean-yves\internetgamebox.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR


((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-16 21:33 . 2008-01-16 21:33 <REP> d-------- C:\WINNT\system32\xircom
2008-01-16 21:33 . 2008-01-16 21:33 <REP> d-------- C:\Program Files\microsoft frontpage
2008-01-16 21:26 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-16 06:40 . 2007-09-22 14:06 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-16 06:40 . 2007-09-22 15:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-16 06:40 . 2007-09-22 14:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-16 06:40 . 2007-09-22 14:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-01-11 16:58 . 1996-08-20 20:37 15,840 --a------ C:\WINNT\system32\Machnm1.exe
2008-01-11 16:58 . 2005-09-25 16:37 5,632 --a------ C:\WINNT\system32\Machnm64.sys
2008-01-11 16:58 . 2008-01-11 16:58 3,120 --a------ C:\WINNT\system32\118290.54
2008-01-11 16:58 . 2008-01-11 16:58 3,120 --a------ C:\WINNT\118294.78
2008-01-11 16:58 . 2003-08-13 00:27 2,304 --a------ C:\WINNT\system32\Machnm32.sys
2008-01-08 20:05 . 2008-01-08 20:05 244 --ah----- C:\sqmnoopt06.sqm
2008-01-08 19:59 . 2008-01-08 19:59 <REP> d-------- C:\Documents and Settings\jean-yves\Application Data\Talkback
2008-01-07 21:33 . 2008-01-12 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-07 19:08 . 2008-01-07 19:08 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 15:58 . 2008-01-04 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 14:55 . 2007-12-04 14:04 837,496 --a------ C:\WINNT\system32\aswBoot.exe
2008-01-04 14:55 . 2004-01-09 10:13 380,928 --a------ C:\WINNT\system32\actskin4.ocx
2008-01-04 14:55 . 2007-12-04 13:54 95,608 --a------ C:\WINNT\system32\AvastSS.scr
2008-01-04 14:55 . 2007-12-04 15:55 94,544 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2008-01-04 14:55 . 2007-12-04 15:56 93,264 --a------ C:\WINNT\system32\drivers\aswmon.sys
2008-01-04 14:55 . 2007-12-04 15:51 42,912 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2008-01-04 14:55 . 2007-12-04 15:49 26,624 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2008-01-04 14:55 . 2007-12-04 15:53 23,152 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2008-01-04 12:56 . 2008-01-04 12:56 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-04 12:55 . 2008-01-04 12:55 <REP> d-------- C:\Documents and Settings\brigitte\Application Data\Ahead
2008-01-03 14:43 . 2008-01-03 14:43 0 --a------ C:\WINNT\nsreg.dat
2008-01-03 14:36 . 2008-01-11 15:00 <REP> d-------- C:\Program Files\Norton Security Scan
2008-01-02 13:29 . 2008-01-02 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Vitalize
2007-12-31 12:35 . 2007-12-31 12:35 <REP> d-------- C:\Program Files\Disney Interactive
2007-12-31 12:35 . 2007-12-31 12:36 858 --a------ C:\WINNT\disney.ini
2007-12-30 13:21 . 2007-12-30 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-30 13:21 . 1999-12-17 10:13 86,016 --a------ C:\WINNT\unvise32.exe
2007-12-30 13:20 . 2007-12-30 13:20 <REP> d-------- C:\Program Files\coktel
2007-12-27 16:00 . 2007-12-27 16:00 <REP> d-------- C:\Documents and Settings\brigitte\Application Data\Samsung
2007-12-25 20:29 . 2007-12-25 20:29 <REP> d-------- C:\Program Files\Infogrames
2007-12-25 19:29 . 2007-12-25 19:29 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-25 19:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINNT\system32\dllcache\sysmain.sdb
2007-12-25 19:29 . 2006-10-04 15:06 764,868 --------- C:\WINNT\system32\dllcache\apph_sp.sdb
2007-12-25 19:29 . 2006-10-04 15:06 217,118 --------- C:\WINNT\system32\dllcache\apphelp.sdb
2007-12-25 15:53 . 2007-12-25 15:53 <REP> d-------- C:\WINNT\Cache
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Program Files\Samsung
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Program Files\Fichiers communs\ST System Shared
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Documents and Settings\jean-yves\Application Data\Samsung
2007-12-25 15:52 . 2004-08-04 00:57 1,712,128 --a------ C:\WINNT\system32\GdiPlus.dll
2007-12-25 15:52 . 2006-11-01 15:26 77,824 --a------ C:\WINNT\system32\xvid.ax
2007-12-25 15:52 . 2004-03-09 09:39 8,704 --a------ C:\WINNT\system32\vidccleaner.exe
2007-12-25 12:22 . 2007-12-25 20:48 <REP> d-------- C:\Program Files\Empire Interactive
2007-12-25 12:14 . 2007-12-25 12:14 <REP> d-------- C:\Program Files\Sega
2007-12-25 12:11 . 2001-12-12 17:34 65,536 --a------ C:\WINNT\wanmpsvc.exe
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Viewpoint
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Real
2007-12-25 12:10 . 2008-01-04 12:56 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\My Music
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Install AIM
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\aolextras
2007-12-25 12:10 . 2007-12-25 12:11 35,890,848 --a------ C:\WINNT\aolback.exe
2007-12-25 12:10 . 2006-09-23 11:12 1,497,088 --a------ C:\WINNT\system32\shdocvw.bak
2007-12-25 12:10 . 2007-12-25 12:10 8,552 --a------ C:\WINNT\system32\drivers\asctrm.sys
2007-12-25 12:09 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Fichiers communs\aolshare
2007-12-25 12:09 . 2007-12-31 16:42 <REP> d-------- C:\Program Files\AOL 7.0
2007-12-25 12:09 . 2001-09-25 09:39 1,044,480 --a------ C:\WINNT\system32\roboex32.dll
2007-12-25 12:09 . 2001-09-25 09:39 153,088 --a------ C:\WINNT\system32\jgdwmie.dll
2007-12-25 12:09 . 2001-09-25 09:39 54,784 --a------ C:\WINNT\system32\Inetwh32.dll
2007-12-25 12:09 . 2001-09-25 09:38 29,184 --a------ C:\WINNT\system32\popup.ocx
2007-12-25 12:09 . 2001-09-27 10:58 28,396 --a------ C:\WINNT\system32\drivers\wanatw4.sys
2007-12-25 12:09 . 2001-11-26 23:41 24,641 --a------ C:\WINNT\system32\aolddial.dll
2007-12-25 12:07 . 2007-12-25 12:11 358 --ah----- C:\IPH.PH
2007-12-22 09:37 . 2007-12-22 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 09:10 . 2007-12-22 09:19 <REP> d-------- C:\Program Files\Panda Security
2007-12-20 21:40 . 2008-01-04 09:13 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 21:02 . 2007-12-20 21:02 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-20 20:24 . 2005-09-23 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-12-19 21:50 . 2007-12-19 21:50 300,544 --a------ C:\WINNT\system32\ajesin.exe
2007-12-19 14:15 . 2007-12-19 14:21 <REP> d-------- C:\de3f06edfd75e82d8e92e7d19188bc
2007-12-16 10:44 . 2007-12-16 10:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-16 10:43 . 2007-12-16 10:43 <REP> d-------- C:\Program Files\Windows Live
2007-12-16 10:43 . 2007-12-16 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-15 12:33 --------- d-----w C:\Program Files\microsoft money 2005
2008-01-15 12:29 964 ----a-w C:\Documents and Settings\brigitte\Application Data\wklnhst.dat
2008-01-15 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-15 12:02 5,554 ----a-w C:\Documents and Settings\jean-yves\Application Data\wklnhst.dat
2008-01-13 08:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 13:35 --------- d-----w C:\Program Files\Fichiers communs\MenacesProtection
2008-01-04 11:55 --------- d-----w C:\Program Files\Google
2007-12-25 14:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-20 20:39 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-20 19:12 --------- d-----w C:\Documents and Settings\brigitte\Application Data\Spyware Terminator
2007-12-15 12:18 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-14 21:41 --------- d-----w C:\Documents and Settings\camille\Application Data\Spyware Terminator
2007-12-06 19:54 19,456 ----a-w C:\WINNT\system32\drivers\indmmama.dat
2007-12-05 20:11 --------- d-----w C:\Documents and Settings\jean-yves\Application Data\MenacesProtection
2007-11-27 19:45 --------- d-----w C:\Program Files\Java
2007-11-27 16:18 --------- d-----w C:\Program Files\MSN Messenger
2007-11-24 12:06 --------- d-----w C:\Program Files\USBDisk
2007-11-16 21:53 --------- d-----w C:\Program Files\Shareaza
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD507CF6-72F8-4EA6-926F-4E52388E152B}]
2004-08-05 12:00 100096 --a------ C:\WINNT\system32\dmoc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 03:05 4354048]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 09:59 68856]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 12:12 55296 C:\WINNT\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-03 14:45 185632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-11 00:49 124928 C:\WINNT\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

R0 eqcfranp;eqcfranp;C:\WINNT\system32\drivers\indmmama.dat []
R2 UxTuneUp;Extension de conception TuneUp;C:\WINNT\System32\svchost.exe [2004-08-05 12:00]
R3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINNT\system32\Drivers\cam1210.sys [2006-07-24 16:49]
S3 usbscan;Pilote de scanneur USB;C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 18:25:53 C:\WINNT\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 15:35:01 C:\WINNT\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 21:33:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 21:35:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 20:35:51
.
2008-01-09 06:31:31 --- E O F ---
16 January 2008 22:02:27

Re,

Select the whole box below, then right-click and choose Copy.

DirLook::
C:\de3f06edfd75e82d8e92e7d19188bc

Driver::
eqcfranp

File::
C:\WINNT\system32\ajesin.exe
C:\WINNT\system32\dmoc.dll
C:\WINNT\system32\drivers\indmmama.dat

Folder::
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD507CF6-72F8-4EA6-926F-4E52388E152B}]

Paste it into Notepad.
Save it to your Desktop and name it CFScript (text file type).
Drag the CFScript file onto the ComboFix.exe file like this:

A menu will appear; type 1 then confirm.
Let the scan run and post the generated report (C:\ComboFix.txt)
16 January 2008 22:16:16

Is this it?

ComboFix 08-01-16.4 - jean-yves 2008-01-16 21:27:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.226 [GMT 1:00]
Running from: C:\Documents and Settings\jean-yves\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\jean-yves\Bureau\sudoplanet.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\Conditions générales.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\Confidentialité.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\SudoPlanet.lnk
C:\Documents and Settings\jean-yves\Menu Démarrer\Programmes\SudoPlanet\Website.lnk
C:\Documents and Settings\jean-yves\ResErrors.log
C:\Program Files\sudoplanet
C:\Program Files\sudoplanet\Conditions générales.url
C:\Program Files\sudoplanet\Confidentialité.url
C:\Program Files\sudoplanet\SudoPlanet.dll
C:\Program Files\sudoplanet\SudoPlanet.exe
C:\Program Files\sudoplanet\Website.url
C:\WINNT\pack.epk
C:\WINNT\system32\fgejtomem.dat
C:\WINNT\system32\fgejtomem_nav.dat
C:\WINNT\system32\fgejtomem_navps.dat
C:\WINNT\system32\gmrkfli.dat
C:\WINNT\system32\gmrkfli_nav.dat
C:\WINNT\system32\gmrkfli_navps.dat
c:\WINNT\system32\qjannjlpy.dat
C:\WINNT\system32\qjannjlpy.exe
c:\WINNT\system32\qjannjlpy_nav.dat
c:\WINNT\system32\qjannjlpy_navps.dat
C:\WINNT\system32\tsvzzeb.dat
C:\WINNT\system32\tsvzzeb_nav.dat
C:\WINNT\system32\tsvzzeb_navps.dat
D:\mes docs jean-yves\internetgamebox.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR


((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-16 21:33 . 2008-01-16 21:33 <REP> d-------- C:\WINNT\system32\xircom
2008-01-16 21:33 . 2008-01-16 21:33 <REP> d-------- C:\Program Files\microsoft frontpage
2008-01-16 21:26 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-16 06:40 . 2007-09-22 14:06 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-16 06:40 . 2007-09-22 15:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-16 06:40 . 2007-09-22 14:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-16 06:40 . 2007-09-22 14:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-01-11 16:58 . 1996-08-20 20:37 15,840 --a------ C:\WINNT\system32\Machnm1.exe
2008-01-11 16:58 . 2005-09-25 16:37 5,632 --a------ C:\WINNT\system32\Machnm64.sys
2008-01-11 16:58 . 2008-01-11 16:58 3,120 --a------ C:\WINNT\system32\118290.54
2008-01-11 16:58 . 2008-01-11 16:58 3,120 --a------ C:\WINNT\118294.78
2008-01-11 16:58 . 2003-08-13 00:27 2,304 --a------ C:\WINNT\system32\Machnm32.sys
2008-01-08 20:05 . 2008-01-08 20:05 244 --ah----- C:\sqmnoopt06.sqm
2008-01-08 19:59 . 2008-01-08 19:59 <REP> d-------- C:\Documents and Settings\jean-yves\Application Data\Talkback
2008-01-07 21:33 . 2008-01-12 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-07 19:08 . 2008-01-07 19:08 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 15:58 . 2008-01-04 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 14:55 . 2007-12-04 14:04 837,496 --a------ C:\WINNT\system32\aswBoot.exe
2008-01-04 14:55 . 2004-01-09 10:13 380,928 --a------ C:\WINNT\system32\actskin4.ocx
2008-01-04 14:55 . 2007-12-04 13:54 95,608 --a------ C:\WINNT\system32\AvastSS.scr
2008-01-04 14:55 . 2007-12-04 15:55 94,544 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2008-01-04 14:55 . 2007-12-04 15:56 93,264 --a------ C:\WINNT\system32\drivers\aswmon.sys
2008-01-04 14:55 . 2007-12-04 15:51 42,912 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2008-01-04 14:55 . 2007-12-04 15:49 26,624 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2008-01-04 14:55 . 2007-12-04 15:53 23,152 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2008-01-04 12:56 . 2008-01-04 12:56 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-04 12:55 . 2008-01-04 12:55 <REP> d-------- C:\Documents and Settings\brigitte\Application Data\Ahead
2008-01-03 14:43 . 2008-01-03 14:43 0 --a------ C:\WINNT\nsreg.dat
2008-01-03 14:36 . 2008-01-11 15:00 <REP> d-------- C:\Program Files\Norton Security Scan
2008-01-02 13:29 . 2008-01-02 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Vitalize
2007-12-31 12:35 . 2007-12-31 12:35 <REP> d-------- C:\Program Files\Disney Interactive
2007-12-31 12:35 . 2007-12-31 12:36 858 --a------ C:\WINNT\disney.ini
2007-12-30 13:21 . 2007-12-30 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-30 13:21 . 1999-12-17 10:13 86,016 --a------ C:\WINNT\unvise32.exe
2007-12-30 13:20 . 2007-12-30 13:20 <REP> d-------- C:\Program Files\coktel
2007-12-27 16:00 . 2007-12-27 16:00 <REP> d-------- C:\Documents and Settings\brigitte\Application Data\Samsung
2007-12-25 20:29 . 2007-12-25 20:29 <REP> d-------- C:\Program Files\Infogrames
2007-12-25 19:29 . 2007-12-25 19:29 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-25 19:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINNT\system32\dllcache\sysmain.sdb
2007-12-25 19:29 . 2006-10-04 15:06 764,868 --------- C:\WINNT\system32\dllcache\apph_sp.sdb
2007-12-25 19:29 . 2006-10-04 15:06 217,118 --------- C:\WINNT\system32\dllcache\apphelp.sdb
2007-12-25 15:53 . 2007-12-25 15:53 <REP> d-------- C:\WINNT\Cache
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Program Files\Samsung
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Program Files\Fichiers communs\ST System Shared
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Documents and Settings\jean-yves\Application Data\Samsung
2007-12-25 15:52 . 2004-08-04 00:57 1,712,128 --a------ C:\WINNT\system32\GdiPlus.dll
2007-12-25 15:52 . 2006-11-01 15:26 77,824 --a------ C:\WINNT\system32\xvid.ax
2007-12-25 15:52 . 2004-03-09 09:39 8,704 --a------ C:\WINNT\system32\vidccleaner.exe
2007-12-25 12:22 . 2007-12-25 20:48 <REP> d-------- C:\Program Files\Empire Interactive
2007-12-25 12:14 . 2007-12-25 12:14 <REP> d-------- C:\Program Files\Sega
2007-12-25 12:11 . 2001-12-12 17:34 65,536 --a------ C:\WINNT\wanmpsvc.exe
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Viewpoint
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Real
2007-12-25 12:10 . 2008-01-04 12:56 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\My Music
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Install AIM
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\aolextras
2007-12-25 12:10 . 2007-12-25 12:11 35,890,848 --a------ C:\WINNT\aolback.exe
2007-12-25 12:10 . 2006-09-23 11:12 1,497,088 --a------ C:\WINNT\system32\shdocvw.bak
2007-12-25 12:10 . 2007-12-25 12:10 8,552 --a------ C:\WINNT\system32\drivers\asctrm.sys
2007-12-25 12:09 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Fichiers communs\aolshare
2007-12-25 12:09 . 2007-12-31 16:42 <REP> d-------- C:\Program Files\AOL 7.0
2007-12-25 12:09 . 2001-09-25 09:39 1,044,480 --a------ C:\WINNT\system32\roboex32.dll
2007-12-25 12:09 . 2001-09-25 09:39 153,088 --a------ C:\WINNT\system32\jgdwmie.dll
2007-12-25 12:09 . 2001-09-25 09:39 54,784 --a------ C:\WINNT\system32\Inetwh32.dll
2007-12-25 12:09 . 2001-09-25 09:38 29,184 --a------ C:\WINNT\system32\popup.ocx
2007-12-25 12:09 . 2001-09-27 10:58 28,396 --a------ C:\WINNT\system32\drivers\wanatw4.sys
2007-12-25 12:09 . 2001-11-26 23:41 24,641 --a------ C:\WINNT\system32\aolddial.dll
2007-12-25 12:07 . 2007-12-25 12:11 358 --ah----- C:\IPH.PH
2007-12-22 09:37 . 2007-12-22 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 09:10 . 2007-12-22 09:19 <REP> d-------- C:\Program Files\Panda Security
2007-12-20 21:40 . 2008-01-04 09:13 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 21:02 . 2007-12-20 21:02 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-20 20:24 . 2005-09-23 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-12-19 21:50 . 2007-12-19 21:50 300,544 --a------ C:\WINNT\system32\ajesin.exe
2007-12-19 14:15 . 2007-12-19 14:21 <REP> d-------- C:\de3f06edfd75e82d8e92e7d19188bc
2007-12-16 10:44 . 2007-12-16 10:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-16 10:43 . 2007-12-16 10:43 <REP> d-------- C:\Program Files\Windows Live
2007-12-16 10:43 . 2007-12-16 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-15 12:33 --------- d-----w C:\Program Files\microsoft money 2005
2008-01-15 12:29 964 ----a-w C:\Documents and Settings\brigitte\Application Data\wklnhst.dat
2008-01-15 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-15 12:02 5,554 ----a-w C:\Documents and Settings\jean-yves\Application Data\wklnhst.dat
2008-01-13 08:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 13:35 --------- d-----w C:\Program Files\Fichiers communs\MenacesProtection
2008-01-04 11:55 --------- d-----w C:\Program Files\Google
2007-12-25 14:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-20 20:39 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-20 19:12 --------- d-----w C:\Documents and Settings\brigitte\Application Data\Spyware Terminator
2007-12-15 12:18 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-14 21:41 --------- d-----w C:\Documents and Settings\camille\Application Data\Spyware Terminator
2007-12-06 19:54 19,456 ----a-w C:\WINNT\system32\drivers\indmmama.dat
2007-12-05 20:11 --------- d-----w C:\Documents and Settings\jean-yves\Application Data\MenacesProtection
2007-11-27 19:45 --------- d-----w C:\Program Files\Java
2007-11-27 16:18 --------- d-----w C:\Program Files\MSN Messenger
2007-11-24 12:06 --------- d-----w C:\Program Files\USBDisk
2007-11-16 21:53 --------- d-----w C:\Program Files\Shareaza
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD507CF6-72F8-4EA6-926F-4E52388E152B}]
2004-08-05 12:00 100096 --a------ C:\WINNT\system32\dmoc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 03:05 4354048]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 09:59 68856]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 12:12 55296 C:\WINNT\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-03 14:45 185632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-11 00:49 124928 C:\WINNT\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

R0 eqcfranp;eqcfranp;C:\WINNT\system32\drivers\indmmama.dat []
R2 UxTuneUp;Extension de conception TuneUp;C:\WINNT\System32\svchost.exe [2004-08-05 12:00]
R3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINNT\system32\Drivers\cam1210.sys [2006-07-24 16:49]
S3 usbscan;Pilote de scanneur USB;C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 18:25:53 C:\WINNT\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 15:35:01 C:\WINNT\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 21:33:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 21:35:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 20:35:51
.
2008-01-09 06:31:31 --- E O F ---
16 January 2008 22:36:40

You reposted the first one.
16 January 2008 22:59:58

ComboFix 08-01-16.4 - jean-yves 2008-01-16 22:49:26.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.208 [GMT 1:00]
Running from: C:\Documents and Settings\jean-yves\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\jean-yves\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINNT\system32\ajesin.exe
C:\WINNT\system32\dmoc.dll
C:\WINNT\system32\drivers\indmmama.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\BlueStreak.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts2Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetastreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewClassID.ini
C:\WINNT\system32\ajesin.exe
C:\WINNT\system32\dmoc.dll
C:\WINNT\system32\drivers\indmmama.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_EQCFRANP
-------\eqcfranp


((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-16 21:35 . <REP> C:\Documents and Settings\léa\Local Settings
2008-01-16 21:35 . <REP> C:\Documents and Settings\léa\Local Settings
2008-01-16 21:33 . 2008-01-16 21:33 <REP> d-------- C:\WINNT\system32\xircom
2008-01-16 21:33 . 2008-01-16 21:33 <REP> d-------- C:\Program Files\microsoft frontpage
2008-01-16 21:26 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-16 06:40 . 2007-09-22 14:06 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-16 06:40 . 2007-09-22 15:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-16 06:40 . 2007-09-22 15:59 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-16 06:40 . 2007-09-22 14:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-16 06:40 . 2007-09-22 14:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-01-11 16:58 . 1996-08-20 20:37 15,840 --a------ C:\WINNT\system32\Machnm1.exe
2008-01-11 16:58 . 2005-09-25 16:37 5,632 --a------ C:\WINNT\system32\Machnm64.sys
2008-01-11 16:58 . 2008-01-11 16:58 3,120 --a------ C:\WINNT\system32\118290.54
2008-01-11 16:58 . 2008-01-11 16:58 3,120 --a------ C:\WINNT\118294.78
2008-01-11 16:58 . 2003-08-13 00:27 2,304 --a------ C:\WINNT\system32\Machnm32.sys
2008-01-08 20:05 . 2008-01-08 20:05 244 --ah----- C:\sqmnoopt06.sqm
2008-01-08 19:59 . 2008-01-08 19:59 <REP> d-------- C:\Documents and Settings\jean-yves\Application Data\Talkback
2008-01-07 21:33 . 2008-01-12 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-07 19:08 . 2008-01-07 19:08 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 15:58 . 2008-01-04 15:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 14:55 . 2007-12-04 14:04 837,496 --a------ C:\WINNT\system32\aswBoot.exe
2008-01-04 14:55 . 2004-01-09 10:13 380,928 --a------ C:\WINNT\system32\actskin4.ocx
2008-01-04 14:55 . 2007-12-04 13:54 95,608 --a------ C:\WINNT\system32\AvastSS.scr
2008-01-04 14:55 . 2007-12-04 15:55 94,544 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2008-01-04 14:55 . 2007-12-04 15:56 93,264 --a------ C:\WINNT\system32\drivers\aswmon.sys
2008-01-04 14:55 . 2007-12-04 15:51 42,912 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2008-01-04 14:55 . 2007-12-04 15:49 26,624 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2008-01-04 14:55 . 2007-12-04 15:53 23,152 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2008-01-04 12:56 . 2008-01-04 12:56 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-04 12:55 . 2008-01-04 12:55 <REP> d-------- C:\Documents and Settings\brigitte\Application Data\Ahead
2008-01-03 14:43 . 2008-01-03 14:43 0 --a------ C:\WINNT\nsreg.dat
2008-01-03 14:36 . 2008-01-11 15:00 <REP> d-------- C:\Program Files\Norton Security Scan
2008-01-02 13:29 . 2008-01-02 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Vitalize
2007-12-31 12:35 . 2007-12-31 12:35 <REP> d-------- C:\Program Files\Disney Interactive
2007-12-31 12:35 . 2007-12-31 12:36 858 --a------ C:\WINNT\disney.ini
2007-12-30 13:21 . 2007-12-30 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-30 13:21 . 1999-12-17 10:13 86,016 --a------ C:\WINNT\unvise32.exe
2007-12-30 13:20 . 2007-12-30 13:20 <REP> d-------- C:\Program Files\coktel
2007-12-27 16:00 . 2007-12-27 16:00 <REP> d-------- C:\Documents and Settings\brigitte\Application Data\Samsung
2007-12-25 20:29 . 2007-12-25 20:29 <REP> d-------- C:\Program Files\Infogrames
2007-12-25 19:29 . 2007-12-25 19:29 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-25 19:29 . 2006-10-04 15:06 1,197,294 --------- C:\WINNT\system32\dllcache\sysmain.sdb
2007-12-25 19:29 . 2006-10-04 15:06 764,868 --------- C:\WINNT\system32\dllcache\apph_sp.sdb
2007-12-25 19:29 . 2006-10-04 15:06 217,118 --------- C:\WINNT\system32\dllcache\apphelp.sdb
2007-12-25 15:53 . 2007-12-25 15:53 <REP> d-------- C:\WINNT\Cache
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Program Files\Samsung
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Program Files\Fichiers communs\ST System Shared
2007-12-25 15:52 . 2007-12-25 15:52 <REP> d-------- C:\Documents and Settings\jean-yves\Application Data\Samsung
2007-12-25 15:52 . 2004-08-04 00:57 1,712,128 --a------ C:\WINNT\system32\GdiPlus.dll
2007-12-25 15:52 . 2006-11-01 15:26 77,824 --a------ C:\WINNT\system32\xvid.ax
2007-12-25 15:52 . 2004-03-09 09:39 8,704 --a------ C:\WINNT\system32\vidccleaner.exe
2007-12-25 12:22 . 2007-12-25 20:48 <REP> d-------- C:\Program Files\Empire Interactive
2007-12-25 12:14 . 2007-12-25 12:14 <REP> d-------- C:\Program Files\Sega
2007-12-25 12:11 . 2001-12-12 17:34 65,536 --a------ C:\WINNT\wanmpsvc.exe
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Real
2007-12-25 12:10 . 2008-01-04 12:56 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\My Music
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\Install AIM
2007-12-25 12:10 . 2007-12-25 12:10 <REP> d-------- C:\aolextras
2007-12-25 12:10 . 2007-12-25 12:11 35,890,848 --a------ C:\WINNT\aolback.exe
2007-12-25 12:10 . 2006-09-23 11:12 1,497,088 --a------ C:\WINNT\system32\shdocvw.bak
2007-12-25 12:10 . 2007-12-25 12:10 8,552 --a------ C:\WINNT\system32\drivers\asctrm.sys
2007-12-25 12:09 . 2007-12-25 12:10 <REP> d-------- C:\Program Files\Fichiers communs\aolshare
2007-12-25 12:09 . 2007-12-31 16:42 <REP> d-------- C:\Program Files\AOL 7.0
2007-12-25 12:09 . 2001-09-25 09:39 1,044,480 --a------ C:\WINNT\system32\roboex32.dll
2007-12-25 12:09 . 2001-09-25 09:39 153,088 --a------ C:\WINNT\system32\jgdwmie.dll
2007-12-25 12:09 . 2001-09-25 09:39 54,784 --a------ C:\WINNT\system32\Inetwh32.dll
2007-12-25 12:09 . 2001-09-25 09:38 29,184 --a------ C:\WINNT\system32\popup.ocx
2007-12-25 12:09 . 2001-09-27 10:58 28,396 --a------ C:\WINNT\system32\drivers\wanatw4.sys
2007-12-25 12:09 . 2001-11-26 23:41 24,641 --a------ C:\WINNT\system32\aolddial.dll
2007-12-25 12:07 . 2007-12-25 12:11 358 --ah----- C:\IPH.PH
2007-12-22 09:37 . 2007-12-22 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 09:10 . 2007-12-22 09:19 <REP> d-------- C:\Program Files\Panda Security
2007-12-20 21:40 . 2008-01-04 09:13 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 21:02 . 2007-12-20 21:02 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-20 20:24 . 2005-09-23 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-12-19 14:15 . 2007-12-19 14:21 <REP> d-------- C:\de3f06edfd75e82d8e92e7d19188bc
2007-12-16 10:44 . 2007-12-16 10:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-16 10:43 . 2007-12-16 10:43 <REP> d-------- C:\Program Files\Windows Live
2007-12-16 10:43 . 2007-12-16 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-15 12:33 --------- d-----w C:\Program Files\microsoft money 2005
2008-01-15 12:29 964 ----a-w C:\Documents and Settings\brigitte\Application Data\wklnhst.dat
2008-01-15 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-15 12:02 5,554 ----a-w C:\Documents and Settings\jean-yves\Application Data\wklnhst.dat
2008-01-13 08:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 13:35 --------- d-----w C:\Program Files\Fichiers communs\MenacesProtection
2008-01-04 11:55 --------- d-----w C:\Program Files\Google
2007-12-25 14:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-20 20:39 --------- d-----w C:\Program Files\Spyware Terminator
2007-12-20 19:12 --------- d-----w C:\Documents and Settings\brigitte\Application Data\Spyware Terminator
2007-12-15 12:18 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-14 21:41 --------- d-----w C:\Documents and Settings\camille\Application Data\Spyware Terminator
2007-12-05 20:11 --------- d-----w C:\Documents and Settings\jean-yves\Application Data\MenacesProtection
2007-11-27 19:45 --------- d-----w C:\Program Files\Java
2007-11-27 16:18 --------- d-----w C:\Program Files\MSN Messenger
2007-11-24 12:06 --------- d-----w C:\Program Files\USBDisk
2007-11-16 21:53 --------- d-----w C:\Program Files\Shareaza
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\de3f06edfd75e82d8e92e7d19188bc ----

2007-04-10 14:00 236928 --a------ C:\de3f06edfd75e82d8e92e7d19188bc\wgalogon.dll
2006-12-10 14:10 225072 --a------ C:\de3f06edfd75e82d8e92e7d19188bc\spuninst.exe
2006-12-10 14:10 15664 --a------ C:\de3f06edfd75e82d8e92e7d19188bc\spmsg.dll


((((((((((((((((((((((((((((( snapshot@2008-01-16_21.35.30.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 20:27:25 1,413,120 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 21:49:16 1,413,120 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 20:27:25 8,192 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 21:49:16 8,192 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 20:27:25 1,413,120 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 21:49:16 1,413,120 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 20:27:25 8,192 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 21:49:16 8,192 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 20:27:25 5,226,496 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 21:49:16 5,230,592 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 20:27:25 131,072 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 21:49:16 131,072 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 21:54:03 16,384 ----atw C:\WINNT\Temp\Perflib_Perfdata_5bc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 03:05 4354048]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 09:59 68856]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 12:12 55296 C:\WINNT\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-03 14:45 185632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-11 00:49 124928 C:\WINNT\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

R2 UxTuneUp;Extension de conception TuneUp;C:\WINNT\System32\svchost.exe [2004-08-05 12:00]
R3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINNT\system32\Drivers\cam1210.sys [2006-07-24 16:49]
S3 usbscan;Pilote de scanneur USB;C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 18:25:53 C:\WINNT\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 15:35:01 C:\WINNT\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 22:55:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
I think this one is correct.
This really shows you how much of an amateur I am with computers.

Completion time: 2008-01-16 22:57:07 - machine was rebooted [jean-yves]
ComboFix-quarantined-files.txt 2008-01-16 21:57:03
ComboFix2.txt 2008-01-16 20:35:56
.
2008-01-09 06:31:31 --- E O F ---
16 January 2008 23:36:52

I have to leave the PC.
I'll pick this up again tomorrow evening.
Have a good evening, éric.
17 January 2008 00:35:35


Re,

that's OK :)

post a new HijackThis log, then

Download Clean [:eric_71:4] < here

unzip it onto your desktop (extract all files); you get a clean folder
Open the clean folder, double-click clean.cmd (the .cmd may not be shown)
choose option 1, then wait

a report is generated; post this report ( C:\rapport_clean.txt )
17 January 2008 17:32:12

Hello,

Here is the HijackThis report, and I am downloading Clean

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:54, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\alg.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-1644491937-839522115-1006\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'brigitte')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-1614895754-1644491937-839522115-1006 Startup: ADILOOK Français sur disque C.LNK = C:\COKTEL\ADI4\ADILOOK.EXE (User 'brigitte')
O4 - S-1-5-21-1614895754-1644491937-839522115-1006 User Startup: ADILOOK Français sur disque C.LNK = C:\COKTEL\ADI4\ADILOOK.EXE (User 'brigitte')
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://download.clickteam.com/vitalize3/vitalize.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 6869 bytes
17 Janvier 2008 17:56:20

Faut il faire entrée apres avoir pris l'option 1
17 Janvier 2008 18:39:38

Au secour !!!!!

Quand je fait entrée apres avoir choisi l'option1, tout s'efface au bout de 3 à 4 secondes
Est ce une erreur de ma part ?
17 Janvier 2008 18:49:15

dans quoi l'option 1 ? je veux dire de quelle logiciel du parle ?
17 Janvier 2008 19:18:38

Suite au message de eric 71 , il fallait que je telecharge CLEAN
Et il disait :

décompresse-le sur ton bureau ( extraire tous les fichiers) , tu obtient un dossier clean
Ouvre le dossier clean, double-clique sur clean.cmd ( le .cmd peut ne pas apparaitre )
choisis l'option 1 puis patiente

un rapport est généré , poste ce rapport ( C:\rapport_clean.txt )
17 Janvier 2008 20:11:37


Re ,

tu es sur de bien l'avoir décompressé et de lancer le bon fichier ?
17 Janvier 2008 21:38:40

Re,

Je pense, mais je vais reessayer !!!
Dois je faire entrée apres avoir choisi 1 ?
17 Janvier 2008 23:21:41


Oui
18 January 2008 17:29:24

Good evening,

Impossible to get the clean report.
After confirming option 1, the window with the black background disappears after 3 to 4 seconds.

Apart from this small technical problem, I have the impression that my virus has disappeared because I no longer get any alerts.
I am running an Avast scan and will then let you know how it goes, to see what to do next with this repair.
18 January 2008 20:04:09

Re,

Forget about Clean,

Download ToolsCleaner2 < here

Install it on your Desktop
Click [Recherche] to start the scan
Click [Supprimer] to clean up the tools that were used
Click [Quitter], this will create a report
Post the report ( C:\TCleaner.txt )

18 January 2008 22:17:34

Re,
the Avast report tells me there are no infected files.
So in my opinion, everything is spotless.
Do I need to write something somewhere to say that my problem is solved?
Thanks again to you, éric_71. All the best.
Computer amateurs really need people like you.
Happy New Year 2008
18 January 2008 22:20:20

I just noticed that you had sent me a message.
I will run it and send you the report. If I manage to!!!!!!
5 February 2008 00:57:05

Hello everyone, so here is my report from ComboFix.exe

((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-04 10:51 . 2008-02-04 21:44 <REP> d-------- H:\Program Files\Lavasoft
2008-02-04 10:51 . 2008-02-04 11:21 <REP> d-------- H:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 10:50 . 2008-02-04 21:44 <REP> d-------- H:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-04 10:46 . 2008-02-04 10:46 16,384 --a------ H:\WINDOWS\system32\drvcuw.dll
2008-01-23 00:37 . 2008-01-23 00:37 <REP> d--h----- H:\WINDOWS\PIF
2008-01-13 02:11 . 2008-01-14 22:48 <REP> d-------- H:\Program Files\Mio Technology
2008-01-11 01:26 . 2007-07-27 04:44 37,768 -ra------ H:\WINDOWS\system32\drivers\OLDB.tmp
2008-01-11 01:26 . 2004-08-20 01:00 32,128 --a------ H:\WINDOWS\system32\drivers\wceusbsh.sys
2008-01-11 01:26 . 2004-08-20 01:00 32,128 --a--c--- H:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-01-10 19:37 . 2008-01-10 19:37 <REP> d-------- H:\Program Files\Fichiers communs\Ankiro
2008-01-10 19:36 . 2008-02-05 00:29 <REP> d-------- H:\Program Files\SPAMfighter
2008-01-10 19:36 . 2008-01-10 19:36 <REP> d-------- H:\Program Files\Fichiers communs\Application

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 23:25 --------- d-----w H:\Program Files\Fichiers communs\Symantec Shared
2008-02-04 22:24 --------- d-----w H:\Program Files\eMule
2008-02-04 22:13 --------- d-----w H:\Program Files\Norton Utilities
2008-02-04 10:20 12,632 ----a-w H:\WINDOWS\system32\lsdelete.exe
2008-02-04 09:52 --------- d-----w H:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-04 09:47 --------- d-----w H:\Documents and Settings\All Users\Application Data\Symantec
2008-02-01 20:50 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 20:59 --------- d-----w H:\Documents and Settings\franck\Application Data\Active Disk
2008-01-15 08:54 10,537 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 12:21 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-01-12 17:32 23,904 ----a-w H:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-06 13:29 --------- d-----w H:\Documents and Settings\franck\Application Data\Skype
2007-12-05 12:27 805 ----a-w H:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 12:27 60,800 ----a-w H:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 12:27 123,952 ----a-w H:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 12:27 10,740 ----a-w H:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 12:27 --------- d-----w H:\Program Files\Symantec
2007-11-07 09:28 728,576 ----a-w H:\WINDOWS\system32\lsasrv.dll
2006-06-23 06:48 32,768 ----a-r H:\WINDOWS\inf\UpdateUSB.exe
2007-06-20 20:33 6,530 --sh--w H:\WINDOWS\system32\cbadd.bak1
2007-06-22 23:22 982,027 --sh--w H:\WINDOWS\system32\ihhkj.bak1
2007-07-04 17:53 951,499 --sh--w H:\WINDOWS\system32\ihhkj.bak2
2007-07-04 22:50 950,400 --sh--w H:\WINDOWS\system32\ihhkj.ini2
2007-06-21 22:17 6,530 --sh--w H:\WINDOWS\system32\sttss.bak1
2007-07-09 18:45 944,288 --sh--w H:\WINDOWS\system32\ttvwa.bak1
2007-07-27 09:30 752,771 --sh--w H:\WINDOWS\system32\ttvwa.bak2
2007-07-27 09:47 752,689 --sh--w H:\WINDOWS\system32\ttvwa.ini2
2007-06-21 20:17 6,530 --sh--w H:\WINDOWS\system32\wvvwa.bak1
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"AdsCleaner"="H:\Program Files\SoftInform\AdsCleaner Professional\AdsCleaner.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
"Genric Host Process"="mswin32ex" []
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="H:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"SoundMAX"="H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"JMB36X Configure"="H:\WINDOWS\System32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 11:22 86016 H:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="H:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"HPDJ Taskbar Utility"="H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 20:50 196608]
"ADUserMon"="H:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39 147456]
"Iomega Drive Icons"="H:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30 86016]
"Deskup"="H:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55 32768]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"Acrobat Assistant 7.0"="H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
"PWRISOVM.EXE"="H:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09 200704]
"ccApp"="H:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="H:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"Symantec PIF AlertEng"="H:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"QuickTime Task"="H:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"spc1000"="H:\WINDOWS\vspc1000.exe" [2007-07-12 14:59 675840]
"SPAMfighter Agent"="H:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"MSDisp32"="H:\WINDOWS\system32\drvcuw.dll" [2008-02-04 10:46 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Acrobat Speed Launcher.lnk - H:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-06-26 23:27:02 25214]
Norton System Doctor.lnk - H:\Program Files\Norton Utilities\SYSDOC32.EXE [2007-08-24 19:20:46 24614]
Outil de mise à jour Google.lnk - H:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-06 13:24:40 124912]
VPro1000.lnk - H:\WINDOWS\VPro1000.exe [2007-11-28 21:15:53 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtt]
H:\WINDOWS\System32\awvtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvw]
H:\WINDOWS\System32\awvvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc]
H:\WINDOWS\System32\ddabc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhi]
H:\WINDOWS\System32\jkhhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkljgf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstts]
H:\WINDOWS\System32\sstts.dll

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-08 14:46]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"H:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
R3 NPDriver;Norton Unerase Protection Driver;H:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2001-08-10 05:00]
S3 DCamUSBIntel;Caméra vidéo USB pour la technologie Intel Proshare;H:\WINDOWS\system32\DRIVERS\usbintel.sys [2004-08-04 07:08]
S3 phaudlwr;Philips Audio Filter;H:\WINDOWS\system32\DRIVERS\phaudlwr.sys [2007-07-12 14:58]
S3 SPC1000;USB2.0 PC Camera (SPC1000);H:\WINDOWS\system32\DRIVERS\spc1000.sys [2007-07-12 15:00]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F11A105A-0059-4281-9D53-71C0ABE14F7C}]
mswin32ex
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-09 09:38:02 H:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- H:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-28 19:25:33 H:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - franck.job"
- H:\PROGRA~1\NORTON~3\NORTON~1\Navw32.exeh/TASK:
.
5 February 2008 00:57:46

so thank you for your help, because this cross and this triangle.... I can't take it anymore!!! ^^