Your question

Cannot install an antivirus

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
31 October 2007 13:30:16

Hello,
I have a very big problem: my antivirus has disappeared, Spybot has disappeared
(at least the executables), and safe mode no longer works.
If I try to reinstall an antivirus, the exe files disappear, and I can no longer see my directory (Local Settings/Temporary Internet Files).
Here is a HijackThis log I made of my machine

Logfile of HijackThis v1.99.1
Scan saved at 13:28 , on 31/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Program Files\Equant\Dialer\EACSys.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Raccourci vers APLUS.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EED0678-28EE-494A-9E9E-91C392530A9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFB8148-DB58-4958-B9B1-DBDA6F49A41E}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

Thank you for helping me, because I am getting desperate

31 October 2007 13:46:00

Hello,

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, check Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad, then click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
31 October 2007 14:35:19

Here is the GMER report, AngerDark

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-31 14:43:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwClose
SSDT 820B1CC0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwCreateDirectoryObject
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwMakeTemporaryObject
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwQueryInformationFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwReadFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwUnmapViewOfSection
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\PROCEXP110.SYS Le fichier spécifié est introuvable.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[380] SHELL32.dll!SHFileOperationW 7CA7FD0A 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F846A1DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F846A1DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F846A454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F846A1DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F845DF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F6C13180] SYMTDI.SYS
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F844C66E] PQV2i.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F846A1DE] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F846A1DE] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F845DF4C] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F845DF4C] fltmgr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE

31 October 2007 14:55:38

Host this report on C*Joint, because it is not complete on the forum.
31 October 2007 15:01:12

AngelDark, I don't know what C*joint is, nor the steps to follow to host my report

Thanks in advance
31 October 2007 15:47:00

The site is called C-Joint
31 October 2007 17:17:27

It's apparently OK.

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

2 November 2007 11:45:59

Hello, here is the ComboFix report
A small clarification: I can now install an antivirus (avast) as well as Spybot, but I cannot start avast's resident protection and I get access denied errors from Spybot
Please help me

    ComboFix 07-10-29.1 - RAFAEL 2007-10-31 18:21:14.1 - NTFSx86
    Running from: C:\Documents and Settings\RAFAEL\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\WebMediaPlayer
    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\ykpbexamrd.dat
    C:\WINDOWS\system32\ykpbexamrd_nav.dat
    C:\WINDOWS\system32\ykpbexamrd_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NPF
    -------\LEGACY_SROSA
    -------\NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-31 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-31 17:09 85,760 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-31 17:09 83,968 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-31 17:09 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-31 17:09 24,240 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-31 17:09 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-31 17:08 <REP> d-------- C:\Program Files\Alwil Software
    2007-10-31 17:08 503,296 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-10-31 17:08 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-10-31 13:49 <REP> d-------- C:\Documents and Settings\RAFAEL\Pavark
    2007-10-31 13:41 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-30 16:42 <REP> d-------- C:\Program Files\TESTRAF
    2007-10-30 16:33 <REP> d-------- C:\Program Files\a-squared Free
    2007-10-30 09:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-25 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft2
    2007-10-25 09:02 <REP> d-------- C:\Program Files\Draxysoft
    2007-10-25 08:55 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Wallpaper
    2007-10-25 08:50 <REP> d-------- C:\Program Files\Change Mon Ecran
    2007-10-24 16:37 <REP> d-------- C:\Program Files\Change Ecran
    2007-10-24 13:29 <REP> d-------- C:\Program Files\PapierPeint
    2007-10-19 15:07 127,043 --a------ C:\WINDOWS\CWBAFDM.EXE
    2007-10-19 15:07 37,376 --a------ C:\WINDOWS\system32\CWBAFAPI.DLL
    2007-10-15 10:41 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Samsung
    2007-10-10 08:54 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-05 13:07 <REP> d-------- C:\Program Files\QuickTime Alternative
    2007-10-05 13:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-27 12:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{BA5D4C17-BBA0-42C9-A526-23FE5567F32B}
    2007-09-20 12:55 <REP> d-------- C:\WINDOWS\pzzxs
    2007-09-20 12:31 <REP> d-------- C:\TLKGAMES
    2007-09-18 13:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 13:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-18 13:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-07 14:19 <REP> d-------- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
    2007-09-07 14:19 <REP> d-------- C:\Program Files\DVDVIDEOSOFT
    2007-09-07 12:56 <REP> d-------- C:\Program Files\MediaCoder
    2007-09-07 11:27 <REP> d-------- C:\Documents and Settings\RAFAEL\dwhelper
    2007-09-06 10:11 342,144 --a------ C:\WINDOWS\system32\drivers\sfsz.sys
    2007-09-06 10:11 159,907 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
    2007-09-06 10:11 15,488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys
    2007-09-06 10:11 13,056 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys
    2007-09-06 10:11 5,120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys
    2007-09-06 09:55 294,993 --a------ C:\WINDOWS\system32\MicroSANClient.dll
    2007-09-06 09:55 114,688 --a------ C:\WINDOWS\system32\ZNS_Resource.dll
    2007-09-06 09:55 98,381 --a------ C:\WINDOWS\system32\MicroSANDevice.dll
    2007-09-06 09:55 81,988 --a------ C:\WINDOWS\system32\LSMAPI.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-31 12:42 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-10-31 10:17 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\OpenOffice.org2
    2007-10-31 09:06 --------- d-----w C:\Program Files\Le Mystere de la Momie Demo
    2007-10-31 09:06 --------- d-----w C:\Program Files\KaraFun
    2007-10-31 09:06 --------- d-----w C:\Program Files\JkDefrag
    2007-10-31 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
    2007-10-31 09:04 --------- d-----w C:\Program Files\BankPerfect
    2007-10-31 09:03 --------- d-----w C:\Program Files\CursorXP
    2007-10-31 09:00 --------- d-----w C:\Program Files\Acoustica CD Label Maker
    2007-10-30 08:38 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-10-30 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-24 09:57 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\XnView
    2007-10-22 07:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-22 07:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-22 07:59 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-22 07:59 --------- d-----w C:\Program Files\Symantec
    2007-09-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-24 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-06 09:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-06 09:02 --------- d-----w C:\Program Files\NETGEAR
    2007-08-30 13:39 --------- d-----w C:\Program Files\Pando
    2007-05-25 14:04 72,440 ----a-w C:\Documents and Settings\RAFAEL\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-25 11:20 134 ----a-w C:\Program Files\satsukidecodersettings.ini
    2005-03-29 13:37 456,384 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
    2005-01-27 09:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
    2005-01-27 09:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 17:30]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" []
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
    "Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-08-06 05:20]
    "Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-08-06 05:20]
    "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-08-06 05:20]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2006-01-27 23:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]

    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2005-04-19 15:40:34]
    SoftRemoteLT.lnk - C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe [2007-02-22 16:29:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=0 (0x0)
    "NoFavoritesMenu"=0 (0x0)
    "NoLogOff"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    Atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]
    C:\Program Files\Change Ecran\Change Ecran.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walser]
    C:\Program Files\Draxysoft\Wallpaper Sequencer ultra\Walser.exe start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "bgsvcgen"=2 (0x2)
    "ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    "AtiPTA"=Atiptaxx.exe
    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
    "Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"

    R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
    R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
    R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
    R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
    R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys
    R2 EACSvrMngr;(Equant Access Companion) Services Manager;C:\Program Files\Equant\Dialer\EACSvrMngr.exe
    R2 EQDRV5;EQUANT NDIS 5 Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\eqdrv5.sys
    R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
    R3 EACSys;(Equant Access Companion) Devices and Services Monitoring;C:\Program Files\Equant\Dialer\EACSys.exe
    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys
    R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
    R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
    S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    S2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
    S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys
    S3 nk4Seem;nk4Seem;\??\C:\util\sécurite\analyseurs\Seem\nk4Seem.sys
    S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys

    *Newly Created Service* - AAVMKER4
    *Newly Created Service* - ASWMON2
    *Newly Created Service* - ASWTDI
    *Newly Created Service* - ASWUPDSV
    *Newly Created Service* - AVAST!_ANTIVIRUS
    *Newly Created Service* - ZETSFD
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-31 11:35:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job"
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-31 18:37:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-31 18:41:51 - machine was rebooted
    .
    --- E O F ---
    2 November 2007 13:05:15

    Re,

    Download Navilog1.exe (IL-MAFIOSO)
    Save it to your Desktop.
    Start the installation by double-clicking navilog.exe.
    Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop)

    Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as requested. Notepad will open. Post its contents for us this way:

    -> Edit / Select All
    -> Edit / Copy
    -> Right-click / Paste into your reply


    NOTE: The report can also be found here: C:\fixnavi.txt
    2 November 2007 13:18:31

    Hello, and thank you AngelDark for helping me
    I cannot install Navilog1 because the page on the Orange site is under construction
    Otherwise, I ran a Lop S & D and here is the report



    ------------------------------[ Lop S&D 1.5 ]----------------------------

    Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    Lancé depuis : "C:\Documents and Settings\RAFAEL\Bureau"

    Rapport créé Le 02/11/2007 à 12:58:53,69 PC : PCRAF

    ! Faire analyser le rapport par un Helper avant intervention !

    -------------[ Listing des Dossiers dans Application Data ]-------------

    C:\Documents and settings\All Users\Application Data\Recisio
    C:\Documents and settings\All Users\Application Data\Emjysoft2
    C:\Documents and settings\All Users\Application Data\Apple Computer
    C:\Documents and settings\All Users\Application Data\{BA5D4C17-BBA0-42C9-A526-23FE5567F32B}
    C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and settings\All Users\Application Data\Symantec
    C:\Documents and settings\All Users\Application Data\DVD Shrink
    C:\Documents and settings\All Users\Application Data\a32w
    C:\Documents and settings\All Users\Application Data\Bluetooth
    C:\Documents and settings\All Users\Application Data\Real
    C:\Documents and settings\All Users\Application Data\Adobe
    C:\Documents and settings\All Users\Application Data\PC Drivers Headquarters
    C:\Documents and settings\All Users\Application Data\Microsoft
    C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and settings\All Users\Application Data\MSN6
    C:\Documents and settings\All Users\Application Data\hpzinstall.log
    C:\Documents and settings\All Users\Application Data\Hewlett-Packard
    C:\Documents and settings\All Users\Application Data\HP
    C:\Documents and settings\All Users\Application Data\desktop.ini

    C:\Documents and settings\Default User\Application Data\Microsoft
    C:\Documents and settings\Default User\Application Data\desktop.ini

    C:\Documents and settings\LocalService\Application Data\Microsoft

    C:\Documents and settings\NetworkService\Application Data\Microsoft

    C:\Documents and settings\RAFAEL\Application Data\XnView
    C:\Documents and settings\RAFAEL\Application Data\OpenOffice.org2
    C:\Documents and settings\RAFAEL\Application Data\Wallpaper
    C:\Documents and settings\RAFAEL\Application Data\Microsoft
    C:\Documents and settings\RAFAEL\Application Data\Samsung
    C:\Documents and settings\RAFAEL\Application Data\LEAPS
    C:\Documents and settings\RAFAEL\Application Data\Pegasys Inc
    C:\Documents and settings\RAFAEL\Application Data\Media Player Classic
    C:\Documents and settings\RAFAEL\Application Data\Adobe
    C:\Documents and settings\RAFAEL\Application Data\GDIPFONTCACHEV1.DAT
    C:\Documents and settings\RAFAEL\Application Data\Acoustica
    C:\Documents and settings\RAFAEL\Application Data\Real
    C:\Documents and settings\RAFAEL\Application Data\DivX
    C:\Documents and settings\RAFAEL\Application Data\Microsoft Excel.ADR
    C:\Documents and settings\RAFAEL\Application Data\Symantec
    C:\Documents and settings\RAFAEL\Application Data\AdobeUM
    C:\Documents and settings\RAFAEL\Application Data\Sun
    C:\Documents and settings\RAFAEL\Application Data\vlc
    C:\Documents and settings\RAFAEL\Application Data\MSN6
    C:\Documents and settings\RAFAEL\Application Data\Mozilla
    C:\Documents and settings\RAFAEL\Application Data\Help
    C:\Documents and settings\RAFAEL\Application Data\IsolatedStorage
    C:\Documents and settings\RAFAEL\Application Data\Macromedia
    C:\Documents and settings\RAFAEL\Application Data\Identities
    C:\Documents and settings\RAFAEL\Application Data\desktop.ini

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    C:\WINDOWS\tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job
    C:\WINDOWS\tasks\SA.DAT
    C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans Program Files ]--------------

    C:\Program Files\1964
    C:\Program Files\2K Games
    C:\Program Files\AC3Filter
    C:\Program Files\Acoustica CD Label Maker
    C:\Program Files\Adobe
    C:\Program Files\adslTV
    C:\Program Files\Ahead
    C:\Program Files\AIDA32 - Enterprise System Information
    C:\Program Files\AIK
    C:\Program Files\Alwil Software
    C:\Program Files\ArtCursors
    C:\Program Files\a-squared Free
    C:\Program Files\BankPerfect
    C:\Program Files\CCleaner
    C:\Program Files\Change Ecran
    C:\Program Files\Change Mon Ecran
    C:\Program Files\CHRYOPROD
    C:\Program Files\C-Media 3D Audio
    C:\Program Files\ComPlus Applications
    C:\Program Files\CoSine Communications
    C:\Program Files\CursorXP
    C:\Program Files\DivX
    C:\Program Files\Draxysoft
    C:\Program Files\Driver-Soft
    C:\Program Files\DVDVIDEOSOFT
    C:\Program Files\EClea2_0-1
    C:\Program Files\Equant
    C:\Program Files\ffdshow
    C:\Program Files\Fichiers communs
    C:\Program Files\Fritivi
    C:\Program Files\Haali
    C:\Program Files\HardwareDetection
    C:\Program Files\Hewlett-Packard
    C:\Program Files\Hijackthis Version Française
    C:\Program Files\HP
    C:\Program Files\IBM
    C:\Program Files\Illustrate
    C:\Program Files\Internet Explorer
    C:\Program Files\IVT Corporation
    C:\Program Files\Java
    C:\Program Files\JkDefrag
    C:\Program Files\jv16 PowerTools 2005
    C:\Program Files\KaraFun
    C:\Program Files\Le Mystere de la Momie Demo
    C:\Program Files\Media Player Classic
    C:\Program Files\MediaCoder
    C:\Program Files\Messenger
    C:\Program Files\Micro Application
    C:\Program Files\microsoft frontpage
    C:\Program Files\Microsoft Games
    C:\Program Files\Microsoft Office
    C:\Program Files\Microsoft Visual Studio
    C:\Program Files\Movie Maker
    C:\Program Files\Mozilla Firefox
    C:\Program Files\MSN
    C:\Program Files\MSN Gaming Zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\My Drivers
    C:\Program Files\NETGEAR
    C:\Program Files\NetMeeting
    C:\Program Files\Norton AntiVirus
    C:\Program Files\OpenOffice.org 2.0
    C:\Program Files\option
    C:\Program Files\Outlook Express
    C:\Program Files\Pando
    C:\Program Files\PapierPeint
    C:\Program Files\Pegasys Inc
    C:\Program Files\PhotoFiltre
    C:\Program Files\Project64 1.6
    C:\Program Files\Project64 v1.5
    C:\Program Files\Quick ShutDown
    C:\Program Files\QuickTime Alternative
    C:\Program Files\Real Alternative
    C:\Program Files\ReflexiveArcade
    C:\Program Files\RegCleaner
    C:\Program Files\Samsung
    C:\Program Files\satsukidecodersettings.ini
    C:\Program Files\Services en ligne
    C:\Program Files\Smart Projects
    C:\Program Files\SplitCam
    C:\Program Files\Spn
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Symantec
    C:\Program Files\TasksKiller
    C:\Program Files\TechSmith
    C:\Program Files\TESTRAF
    C:\Program Files\Trend Micro
    C:\Program Files\Tronics
    C:\Program Files\Ulead Systems
    C:\Program Files\Unlocker
    C:\Program Files\VIA
    C:\Program Files\VIA Technologies, Inc
    C:\Program Files\VideoLAN
    C:\Program Files\vlc-0.8.5
    C:\Program Files\Windows Media Components
    C:\Program Files\Windows Media Player
    C:\Program Files\Windows NT
    C:\Program Files\WinRAR
    C:\Program Files\xerox
    C:\Program Files\XnView
    D:\Program Files\Advanced Invisible Keylogger
    D:\Program Files\Project64 v1.5

    ------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

    C:\program files\fichiers communs\Adobe
    C:\program files\fichiers communs\Ahead
    C:\program files\fichiers communs\Designer
    C:\program files\fichiers communs\Deterministic Networks
    C:\program files\fichiers communs\DVDVIDEOSOFT
    C:\program files\fichiers communs\Hewlett-Packard
    C:\program files\fichiers communs\HP
    C:\program files\fichiers communs\InstallShield
    C:\program files\fichiers communs\Java
    C:\program files\fichiers communs\Microsoft Shared
    C:\program files\fichiers communs\MSSoap
    C:\program files\fichiers communs\ODBC
    C:\program files\fichiers communs\Services
    C:\program files\fichiers communs\SpeechEngines
    C:\program files\fichiers communs\SureThing Shared
    C:\program files\fichiers communs\SWF Studio
    C:\program files\fichiers communs\Symantec Shared
    C:\program files\fichiers communs\System

    ----------------------[ Recherche dans le Registre ]----------------------

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


    -----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

    Aucun dossier Lop trouvé !

    --------------------[ Vérification du fichier Hosts ]---------------------

    Fichier Hosts : Propre
    2 November 2007 14:50:31

    Do not post reports that were not requested!
    The page is accessible.
    2 November 2007 15:05:22

    Here is the Navilog report, AngelDark

    Search Navipromo version 3.3.4 commencé le 02/11/2007 à 15:02:32,80

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11


    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINDOWS ***



    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




    *** Recherche dossiers dans C:\Documents and Settings\RAFAEL\Application Data ***


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun fichier trouvé dans :

    - C:\WINDOWS\system32
    - C:\DOCUME~1\RAFAEL\LOCALS~1\APPLIC~1



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans C:\DOCUME~1\RAFAEL\LOCALS~1\APPLIC~1 *



    *** Recherche fichiers ***




    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :



    3)Recherche Certificats :

    Certificat Egroup absent !


    *** Analyse terminée le 02/11/2007 à 15:03:57,16 ***
    2 November 2007 16:21:00

    Run a Combofix scan again, then post the report :)
    2 November 2007 17:36:48

    Here is the latest Combofix report
    Thanks for your help!!

    ComboFix 07-10-29.1 - RAFAEL 2007-11-02 17:21:05.2 - NTFSx86
    Running from: C:\Documents and Settings\RAFAEL\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-02 14:59 <REP> d-------- C:\Program Files\Navilog1
    2007-10-31 18:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-31 17:09 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-31 17:09 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-31 17:09 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-31 17:09 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-31 17:09 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-31 17:08 <REP> d-------- C:\Program Files\Alwil Software
    2007-10-31 17:08 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-10-31 17:08 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-10-31 13:49 <REP> d-------- C:\Documents and Settings\RAFAEL\Pavark
    2007-10-31 13:41 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-30 16:42 <REP> d-------- C:\Program Files\TESTRAF
    2007-10-30 16:33 <REP> d-------- C:\Program Files\a-squared Free
    2007-10-30 09:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-25 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Emjysoft2
    2007-10-25 09:02 <REP> d-------- C:\Program Files\Draxysoft
    2007-10-25 08:55 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Wallpaper
    2007-10-25 08:50 <REP> d-------- C:\Program Files\Change Mon Ecran
    2007-10-24 16:37 <REP> d-------- C:\Program Files\Change Ecran
    2007-10-24 13:29 <REP> d-------- C:\Program Files\PapierPeint
    2007-10-19 15:07 127,043 --a------ C:\WINDOWS\CWBAFDM.EXE
    2007-10-19 15:07 37,376 --a------ C:\WINDOWS\system32\CWBAFAPI.DLL
    2007-10-15 10:41 <REP> d-------- C:\Documents and Settings\RAFAEL\Application Data\Samsung
    2007-10-10 08:54 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-05 13:07 <REP> d-------- C:\Program Files\QuickTime Alternative
    2007-10-05 13:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-02 14:10 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\OpenOffice.org2
    2007-11-02 11:10 --------- d-----w C:\Documents and Settings\RAFAEL\Application Data\XnView
    2007-10-31 12:42 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-10-31 09:06 --------- d-----w C:\Program Files\Le Mystere de la Momie Demo
    2007-10-31 09:06 --------- d-----w C:\Program Files\KaraFun
    2007-10-31 09:06 --------- d-----w C:\Program Files\JkDefrag
    2007-10-31 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Recisio
    2007-10-31 09:04 --------- d-----w C:\Program Files\BankPerfect
    2007-10-31 09:03 --------- d-----w C:\Program Files\CursorXP
    2007-10-31 09:00 --------- d-----w C:\Program Files\Acoustica CD Label Maker
    2007-10-30 08:38 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-10-30 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-22 07:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-22 07:59 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-22 07:59 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-22 07:59 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-22 07:59 --------- d-----w C:\Program Files\Symantec
    2007-09-27 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\{BA5D4C17-BBA0-42C9-A526-23FE5567F32B}
    2007-09-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-24 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-07 13:19 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
    2007-09-07 13:19 --------- d-----w C:\Program Files\DVDVIDEOSOFT
    2007-09-07 12:30 --------- d-----w C:\Program Files\MediaCoder
    2007-09-06 09:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-06 09:02 --------- d-----w C:\Program Files\NETGEAR
    2007-08-24 11:42 53,248 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
    2007-08-24 11:42 118,784 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-25 14:04 72,440 ----a-w C:\Documents and Settings\RAFAEL\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-25 11:20 134 ----a-w C:\Program Files\satsukidecodersettings.ini
    2005-03-29 13:37 456,384 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
    2005-01-27 09:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
    2005-01-27 09:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-31_18.39.03.64 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-02 10:04:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_27c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 17:30]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" []
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
    "Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-08-06 05:20]
    "Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-08-06 05:20]
    "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-08-06 05:20]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
    "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2006-01-27 23:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]

    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]

    C:\Documents and Settings\RAFAEL\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers APLUS.lnk - C:\Program Files\IBM\Client Access\Emulator\Private\APLUS.WS [2006-03-30 12:44:48]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2005-04-19 15:40:34]
    SoftRemoteLT.lnk - C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe [2007-02-22 16:29:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=0 (0x0)
    "NoFavoritesMenu"=0 (0x0)
    "NoLogOff"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    Atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]
    C:\Program Files\Change Ecran\Change Ecran.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walser]
    C:\Program Files\Draxysoft\Wallpaper Sequencer ultra\Walser.exe start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "bgsvcgen"=2 (0x2)
    "ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    "AtiPTA"=Atiptaxx.exe
    "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
    "Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"

    R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
    R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
    R1 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
    R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
    R2 Crypto;Crypto;\??\C:\WINDOWS\system32\Drivers\Crypto.sys
    R2 EACSvrMngr;(Equant Access Companion) Services Manager;C:\Program Files\Equant\Dialer\EACSvrMngr.exe
    R2 EQDRV5;EQUANT NDIS 5 Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\eqdrv5.sys
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
    R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys
    R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
    R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
    S2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
    S3 EACSys;(Equant Access Companion) Devices and Services Monitoring;C:\Program Files\Equant\Dialer\EACSys.exe
    S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys
    S3 nk4Seem;nk4Seem;\??\C:\util\sécurite\analyseurs\Seem\nk4Seem.sys
    S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys

    *Newly Created Service* - ASWRDR
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-02 11:35:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse système complète - RAFAEL.job"
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 17:25:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 17:27:28
    C:\ComboFix2.txt ... 2007-10-31 18:41
    .
    --- E O F ---
    2 November 2007 18:24:33

    I have a question, AngelDark,
    If I have another machine with the same symptoms as this one, can I carry out every step from A to Z, or do I need to post a new request for help on the forum?
    Thanks for the answer.
    2 November 2007 21:19:56

    Good evening AngelDark,
    I am on my other PC now; can you tell me whether I have to redo everything as for the other one, or should I do it differently?
    Thanks in advance (as for Antivir, I will do it on Monday morning on the other PC)
    2 November 2007 21:56:33

    Not the same :)
    2 November 2007 23:20:23

    What should I start with, AngelDark?
    6 November 2007 13:53:03

    Can you carry out the requested procedure?
    [sorry again for the lock]
    6 November 2007 14:01:17

    Here is the Antivir report
    But a small clarification: the update does not work
    I had to do the manual update by downloading the zip (ivdf_fusebundle_nt_en.zip) from the Antivir site
    Is this normal?

    AntiVir PersonalEdition Classic
    Report file date: mardi 6 novembre 2007 09:21

    Scanning for 916490 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PCRAF

    Version information:
    BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:36
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:36:36
    ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 05/11/2007 14:14:46
    ANTIVIR3.VDF : 7.0.0.173 2048 Bytes 05/11/2007 14:14:46
    AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 26/10/2007 13:37:42
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 05/11/2007 14:14:48
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 24/08/2007 09:53:16
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 6 novembre 2007 09:21

    Starting search for hidden objects.
    '26982' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
    Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'pcsws.exe' - '1' Module(s) have been scanned
    Scan process 'pcsws.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'pcscm.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'pcsws.exe' - '1' Module(s) have been scanned
    Scan process 'SafeCfg.exe' - '1' Module(s) have been scanned
    Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned
    Scan process 'Z-SANService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'gearsec.exe' - '1' Module(s) have been scanned
    Scan process 'EACSvrMngr.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'a2service.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'IreIKE.exe' - '1' Module(s) have been scanned
    Scan process 'IPSecMon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    41 processes with 41 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!
    Master boot sector HD2
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'G:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '44' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système
    de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.



    End of the scan: mardi 6 novembre 2007 13:07
    Used time: 3:46:02 min

    The scan has been done completely.

    5747 Scanning directories
    310734 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    310734 Files not concerned
    6800 Archives were scanned
    2 Warnings
    6 Notes
    26982 Objects were scanned with rootkit scan
    0 Hidden objects were found

    6 November 2007 14:07:53

    Which ISP are you with?
    6 November 2007 14:11:08

    Wanadoo, why?
    6 November 2007 14:21:14

    There are sometimes update problems between the two.
    Post a new HijackThis report.
    6 November 2007 15:40:59

    Logfile of HijackThis v1.99.1
    Scan saved at 15:40 , on 06/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
    C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Equant\Dialer\EACSvrMngr.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
    C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
    C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
    C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
    C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
    C:\Program Files\a-squared Free\a2free.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Walser] C:\Program Files\Draxysoft\Wallpaper Sequencer\Walser.exe start
    O4 - Startup: Raccourci vers APLUS.lnk = ?
    O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\Equant\Dialer\Safenet\SafeCfg.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4EED0678-28EE-494A-9E9E-91C392530A9A}: NameServer = 193.252.19.3,193.252.19.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EBFB8148-DB58-4958-B9B1-DBDA6F49A41E}: NameServer = 193.252.19.3,193.252.19.4
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: 217C327C - Unknown owner - C:\WINDOWS\system32\217C327C.exe
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
    O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Equant\Dialer\Safenet\IreIKE.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

    6 November 2007 15:42:44

    Scan this file (C:\WINDOWS\system32\217C327C.exe) on VirusTotal, then post the report.
    6 November 2007 16:18:09

    Fichier 217C327C.exe reçu le 2007.11.06 15:59:45 (CET)
    Résultat: 0/32 (0%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.7.0 2007.11.06 -
    AntiVir 7.6.0.30 2007.11.05 -
    Authentium 4.93.8 2007.11.05 -
    Avast 4.7.1074.0 2007.11.05 -
    AVG 7.5.0.503 2007.11.06 -
    BitDefender 7.2 2007.11.06 -
    CAT-QuickHeal 9.00 2007.11.06 -
    ClamAV 0.91.2 2007.11.06 -
    DrWeb 4.44.0.09170 2007.11.06 -
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5270 2007.11.05 -
    Ewido 4.0 2007.11.06 -
    FileAdvisor 1 2007.11.06 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.06 -
    F-Secure 6.70.13030.0 2007.11.06 -
    Ikarus T3.1.1.12 2007.11.06 -
    Kaspersky 7.0.0.125 2007.11.06 -
    McAfee 5156 2007.11.05 -
    Microsoft 1.3007 2007.11.06 -
    NOD32v2 2640 2007.11.06 -
    Norman 5.80.02 2007.11.06 -
    Panda 9.0.0.4 2007.11.06 -
    Prevx1 V2 2007.11.06 -
    Rising 20.17.12.00 2007.11.06 -
    Sophos 4.23.0 2007.11.06 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.06 -
    TheHacker 6.2.9.117 2007.11.06 -
    VBA32 3.12.2.4 2007.11.06 -
    VirusBuster 4.3.26:9 2007.11.05 -
    Webwasher-Gateway 6.0.1 2007.11.05 -
    Information additionnelle
    File size: 6656 bytes
    MD5: 2d2cfd52b636a3acdd036b74e55b9a7a
    SHA1: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9
    6 November 2007 16:20:02

    Do you have the same problems?
    6 November 2007 17:02:04

    No, I now have an antivirus, but on the other hand Spybot won't install, because in the directory C:\Documents and Settings\All Users\Application Data all the folders show "access denied", and it is impossible to delete Spybot completely.
    Also, safe mode still doesn't work.
    Thanks for helping me!
    6 November 2007 17:20:37

    Have you tried in safe mode?
    6 November 2007 17:29:36

    I no longer have access to safe mode.
    The PC churns without doing anything for 5 minutes.

    6 November 2007 17:53:22

    Where is the folder located?
    6 November 2007 18:11:15

    I finally managed to boot into safe mode, and there too it is impossible to delete this Spybot directory:
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    6 November 2007 18:31:47

    Have you tried with Unlocker?
    6 November 2007 20:31:40

    Yes AngelDark, I tried with Unlocker but nothing works: it can't delete it, move it, or rename it...
    It also offers to perform the action after restarting the machine, but that doesn't work either!
    6 November 2007 20:40:56

    Is it really that serious?
    6 November 2007 20:47:58

    Well, let's say I don't have Spybot because it considers that the directory already exists, so it can't be reinstalled.
    6 November 2007 20:58:17

    Hi again,

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select all the locations in the box below:

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand box, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    ->Information about the software<-
    6 November 2007 22:59:29

    Great, it moved the directory, and all the other directories that wouldn't open, because they were access denied, now open.
    Thanks AngelDark

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy moved successfully.

    Created on 11/06/2007 22:49:23
    6 November 2007 23:00:56

    Is it OK?
    7 November 2007 11:00:01

    I rejoiced too soon: the report above is from my second machine, which is fine.
    The one from this machine is the following:
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy scheduled to be moved on reboot.

    Created on 11/07/2007 10:35:33
    Even after a reboot, the folder is not moved.
    What can I do?
    7 November 2007 13:18:52

    I don't know :/
    7 November 2007 14:09:31

    Happy surfing.