Votre question

Même problème que djams69

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
26 Octobre 2007 16:06:54

Bonjour,
J'ai le même problème que celui de djams69.
J'ai posté un message à la suite du sien mais ce n'est peut être pas le bon endroit.
J'ai téléchargé Ad-aware qui m'a dit avoir nettoyé mais quelques temps plus tard .. ça revient..
Je refais des scan et re-belote !
J'arrive à travailler un peu en arrêtant le processus explorer mais ce n'est pas très pratique.
Quelqu'un m'a dit de télécharger unlocker et d'aller supprimer des fichiers récents dans system32 mais ... je ne sais pas lesquels.
Voici le rapport hijackthis.
Grand merci d'avance à celui ou celle qui peut me guider ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:27, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\program files\u-storage tools2.1\ustorage.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vphc600.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\fichiers communs\aol\1142028331\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1142028331\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Christian DELAROCHE\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.packardbell.fr/easysear [...] eyword=aol
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\OPLIMIT\OCRAWARE.EXE
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57108EF1-38B6-1BF2-03C5-04581AB60D22} - C:\Program Files\jocsepsw\npjdssec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSVPS System - {AC546B33-036A-41DA-B1CC-C1D15659520E} - C:\WINDOWS\movctrlflm.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: The nssfrch - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [phc650] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hkfqratw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hkfqratw.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: TrayMin650.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/e [...] nSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 7681624218
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: bxsbang - {9823B450-BB88-4F33-935D-F13E6D0F2912} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {0B995532-76BE-46E8-81F5-DAFC3AB48A9B} - C:\WINDOWS\ocgrep.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13838 bytes

Autres pages sur : probleme djams69

a b 8 Sécurité
26 Octobre 2007 16:09:21

Bonjour,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    26 Octobre 2007 16:11:29

    angeldark peut tu m'aider dans mon topic car je galere. et je sais si je vais rester connecter jusqu'a ce soir.
    merci d'avance et désolé de faire ca.
    Contenus similaires
    a b 8 Sécurité
    26 Octobre 2007 16:12:31

    On s'occupe déjà de ton cas :) 
    26 Octobre 2007 16:15:01

    bon bin merci quand meme!
    26 Octobre 2007 16:43:34

    Je vois que je ne suis pas le seul à être infesté !
    Voici le rapport de combofix


    ComboFix 07-10-26.4 - C D 2007-10-26 16:20:38.1 - NTFSx86
    Running from: C:\Documents and Settings\Cxxxxx xxxxxxxxx\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\hkfqratw.dll
    C:\WINDOWS\system32\winspool.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm


    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-26 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-23 19:50 <REP> d-------- C:\Program Files\Lavasoft
    2007-10-23 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-23 17:36 <REP> d-------- C:\Program Files\Windows Defender
    2007-10-23 17:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-23 10:47 <REP> d-------- C:\Program Files\jocsepsw
    2007-10-23 10:41 281,600 --a------ C:\WINDOWS\ocgrep.dll
    2007-10-23 10:41 257,536 --a------ C:\WINDOWS\bxsbang.dll
    2007-10-23 10:41 253,952 --a------ C:\WINDOWS\movctrlflm.dll
    2007-10-23 10:41 75,776 --a------ C:\WINDOWS\nssfrch.dll
    2007-10-15 11:35 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-10-10 08:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-06 18:15 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-10-06 18:15 <REP> d-------- C:\temp\ext48948
    2007-10-06 18:15 <REP> d-------- C:\temp
    2007-10-06 18:15 <REP> d-------- C:\Program Files\Microsoft FrontPage Express

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-26 07:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-23 18:25 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-10-23 18:25 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-15 09:35 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-10-06 22:55 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\Skype
    2007-10-05 21:33 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\TribalWeb
    2007-10-04 06:02 --------- d-----w C:\Program Files\Symantec
    2007-10-03 21:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-03 21:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-03 21:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-03 21:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-09-25 20:49 --------- d-----w C:\Program Files\Picasa2
    2007-09-21 13:21 --------- d-----w C:\Program Files\iTunes
    2007-09-21 13:21 --------- d-----w C:\Program Files\iPod
    2007-09-21 13:11 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-20 21:40 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-17 15:23 --------- d-----w C:\Program Files\Skype
    2007-09-17 15:23 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-09-17 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-06 21:35 --------- d-----w C:\Program Files\MioNet
    2007-09-06 10:16 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-08-29 21:18 --------- d-----w C:\Program Files\MSXML 4.0
    2007-08-29 06:18 --------- d-----w C:\Program Files\Java
    2007-08-22 12:57 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:57 669,696 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:57 620,032 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:57 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:57 3,085,824 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:57 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:57 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2005-01-30 22:50 22,606,384 ----a-w C:\Program Files\AdbeRdr70_fra_full.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57108EF1-38B6-1BF2-03C5-04581AB60D22}]
    2007-10-23 10:47 102400 --a------ C:\Program Files\jocsepsw\npjdssec.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC546B33-036A-41DA-B1CC-C1D15659520E}]
    2007-10-22 19:02 253952 --a------ C:\WINDOWS\movctrlflm.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{61AB8A39-FCCB-47CC-BAF3-750D1834E773}"= C:\WINDOWS\nssfrch.dll [2007-10-22 19:02 75776]

    [HKEY_CLASSES_ROOT\CLSID\{61AB8A39-FCCB-47CC-BAF3-750D1834E773}]
    [HKEY_CLASSES_ROOT\nssfrch.ToolBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}]
    [HKEY_CLASSES_ROOT\nssfrch.ToolBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 17:18]
    "UStorage"="c:\program files\u-storage tools2.1\ustorage.exe" [2003-05-28 17:20]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 C:\WINDOWS\SoundMan.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
    "phc650"="C:\WINDOWS\vphc600.exe" [2005-07-20 19:55]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14]
    "Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 21:16]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
    "HostManager"="C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe" [2006-11-17 15:16]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
    "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-29 08:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-15 11:34]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
    "FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 23:12]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

    C:\Documents and Settings\Christian DELAROCHE\Menu Démarrer\Programmes\Démarrage\
    TribalWeb.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]
    TribalWeb.net.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2004-12-16 21:09:07]
    AOL Compagnon.lnk - C:\Program Files\AOL Compagnon\companion.exe [2004-10-28 02:06:35]
    Exif Launcher.lnk - C:\Program Files\Exif Launcher\QuickDCF.exe [2005-10-16 23:13:41]
    TrayMin650.exe.lnk - C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe [2006-09-18 19:29:03]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bxsbang"= {9823B450-BB88-4F33-935D-F13E6D0F2912} - C:\WINDOWS\bxsbang.dll [2007-10-26 10:11 257536]
    "ocgrep"= {0B995532-76BE-46E8-81F5-DAFC3AB48A9B} - C:\WINDOWS\ocgrep.dll [2007-10-22 19:02 281600]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
    R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
    R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    R3 phc600;USB PC Camera (phc650);C:\WINDOWS\system32\DRIVERS\phc600.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-09-21 13:11:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-26 14:32:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-10-23 15:06:17 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Christian DELAROCHE.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-26 16:30:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
    "ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
    .
    Completion time: 2007-10-26 16:36:12 - machine was rebooted
    .
    --- E O F ---
    a b 8 Sécurité
    26 Octobre 2007 16:58:58

    Re,

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\movctrlflm.dll
    C:\WINDOWS\nssfrch.dll
    C:\WINDOWS\bxsbang.dll
    C:\WINDOWS\ocgrep.dll

    Folder::
    C:\Program Files\jocsepsw

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57108EF1-38B6-1BF2-03C5-04581AB60D22}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC546B33-036A-41DA-B1CC-C1D15659520E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{61AB8A39-FCCB-47CC-BAF3-750D1834E773}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bxsbang"=-
    "ocgrep"=-


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    26 Octobre 2007 17:31:25

    Voici donc les deux rapports...


    ComboFix 07-10-26.4 - Christian DELAROCHE 2007-10-26 17:11:42.2 - NTFSx86
    Running from: C:\Documents and Settings\Christian DELAROCHE\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Christian DELAROCHE\Bureau\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\bxsbang.dll
    C:\WINDOWS\movctrlflm.dll
    C:\WINDOWS\nssfrch.dll
    C:\WINDOWS\ocgrep.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\jocsepsw
    C:\Program Files\jocsepsw\npjdssec.dll
    C:\WINDOWS\bxsbang.dll
    C:\WINDOWS\movctrlflm.dll
    C:\WINDOWS\nssfrch.dll
    C:\WINDOWS\ocgrep.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-26 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-23 19:50 <REP> d-------- C:\Program Files\Lavasoft
    2007-10-23 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-23 17:36 <REP> d-------- C:\Program Files\Windows Defender
    2007-10-23 17:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-15 11:35 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-10-10 08:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-06 18:15 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-10-06 18:15 <REP> d-------- C:\temp\ext48948
    2007-10-06 18:15 <REP> d-------- C:\temp
    2007-10-06 18:15 <REP> d-------- C:\Program Files\Microsoft FrontPage Express

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-26 07:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-23 18:25 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-10-23 18:25 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-15 09:35 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-10-06 22:55 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\Skype
    2007-10-05 21:33 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\TribalWeb
    2007-10-04 06:02 --------- d-----w C:\Program Files\Symantec
    2007-10-03 21:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-03 21:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-10-03 21:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-10-03 21:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-09-25 20:49 --------- d-----w C:\Program Files\Picasa2
    2007-09-21 13:21 --------- d-----w C:\Program Files\iTunes
    2007-09-21 13:21 --------- d-----w C:\Program Files\iPod
    2007-09-21 13:11 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-20 21:40 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    2007-09-17 15:23 --------- d-----w C:\Program Files\Skype
    2007-09-17 15:23 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-09-17 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-06 21:35 --------- d-----w C:\Program Files\MioNet
    2007-09-06 10:16 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-08-29 21:18 --------- d-----w C:\Program Files\MSXML 4.0
    2007-08-29 06:18 --------- d-----w C:\Program Files\Java
    2007-08-22 12:57 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:57 669,696 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:57 620,032 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:57 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:57 3,085,824 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:57 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:57 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2005-01-30 22:50 22,606,384 ----a-w C:\Program Files\AdbeRdr70_fra_full.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 17:18]
    "UStorage"="c:\program files\u-storage tools2.1\ustorage.exe" [2003-05-28 17:20]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 C:\WINDOWS\SoundMan.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
    "phc650"="C:\WINDOWS\vphc600.exe" [2005-07-20 19:55]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14]
    "Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 21:16]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
    "HostManager"="C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe" [2006-11-17 15:16]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
    "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-29 08:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-15 11:34]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
    "FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 23:12]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

    C:\Documents and Settings\Christian DELAROCHE\Menu Démarrer\Programmes\Démarrage\
    TribalWeb.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]
    TribalWeb.net.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2004-12-16 21:09:07]
    AOL Compagnon.lnk - C:\Program Files\AOL Compagnon\companion.exe [2004-10-28 02:06:35]
    Exif Launcher.lnk - C:\Program Files\Exif Launcher\QuickDCF.exe [2005-10-16 23:13:41]
    TrayMin650.exe.lnk - C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe [2006-09-18 19:29:03]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
    R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
    R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    R3 phc600;USB PC Camera (phc650);C:\WINDOWS\system32\DRIVERS\phc600.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-09-21 13:11:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-26 15:20:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-10-23 15:06:17 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Christian DELAROCHE.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-26 17:20:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
    "ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
    .
    Completion time: 2007-10-26 17:24:39 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-26 16:36
    .
    --- E O F ---

    ******************************************************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:29:07, on 26/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MioNet\MioNetManager.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\program files\u-storage tools2.1\ustorage.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vphc600.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\WINDOWS\system32\NILaunch.exe
    C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\FolderShare\FolderShare.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe
    C:\Program Files\TribalWeb.net\tribalweb.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\fichiers communs\aol\1142028331\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
    c:\program files\fichiers communs\aol\1142028331\ee\aolsoftware.exe
    C:\Program Files\AOL Compagnon\companion.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Christian DELAROCHE\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.packardbell.fr/easysearch/index.asp?query=1&...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.1
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [phc650] C:\WINDOWS\vphc600.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: TrayMin650.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 12500 bytes
    a b 8 Sécurité
    26 Octobre 2007 17:35:48

    C'est mieux maintenant ?
    26 Octobre 2007 17:39:02

    angeldark toi tu est tout le temps la moi mon helper est pas souvent la. du coup j'attend.
    a b 8 Sécurité
    26 Octobre 2007 17:39:57

    Bah t'attends :)  Je suis là par période, lui est là le soir.
    C'est juste les fins d'après midi pour moi.
    26 Octobre 2007 17:41:50

    justement quand je n'y suis pas, bon bin ce soir j'y resterai tant pis.
    merci quand meme et désolé du dérangement.
    26 Octobre 2007 17:47:53

    Pour le moment cela se passe bien, mon PC fonctionne correctement, mais cela m'est déjà arrivé qu'au bout de 2 ou 3 heures le problème re-surgisse ...
    De toutes façons, je te remercie infiniment !
    J'admire ta rapidité de réponse !
    J'espère ne plus te déranger lundi.
    Je vais en profiter pour faire quelques sauvegardes.
    Bon week-end et merci encore ! :) 
    a b 8 Sécurité
    26 Octobre 2007 18:01:44

    Tiens moi au courant ;) 
    6 Novembre 2007 10:20:53

    Je me suis absenté quelques jours.
    Mon PC a l'air d'aller bien.
    Merci encore.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS